SourceLocations are small and trivially-copyable, they should be passed by value.

I'd use a single matcher for both functions and variables (decl(anyOf(functionDecl(), varDecl()), isDefinition()).bind("decl")) to avoid duplicating code in the callback.

Please put the C++ [basic.def.odr]: part before the quotation from the standard.

Please use const auto * to make it clear that this is a pointer. Same elsewhere.

This check can be done in the matcher.

nit: No braces needed here.

Warning messages are not full sentences. No trailing period is needed.

This check is generic enough. It should go to the misc module, IMO.

This would read slightly better: "Finds non-extern non-inline function and variable definitions in header files, which can lead to ODR violations."

Please add a link to the user-facing documentation:

// For the user-facing documentation see:
// http://clang.llvm.org/extra/clang-tidy/checks/<check-name>.html

Please update the wording to match the class comment, and also add a couple of examples of what cases does the check detect.

I think, we can already use raw string literals (at least, MSVC 2013 seems to support them). Raw string literals would make the test cases more readable, imo.

The isInline AST matcher seems only match the function with inline key words. It could not detect the member function defined within class, such as:

class A {
  int f() { return 1; }
};

Done. Move to misc module

The Raw string literals doesn't work well with multiple lines in macro. I try it on my local machine, it will break compilation.

This should use isInMainFile() instead of checking the file extension.

I wonder if you could use an AST matcher to weed out definitions that are in the main file to make the matcher a bit more narrow.

Please quote the paragraph as well (p6, in this case).

Should be declared: const auto *ND (note the position of the *). May want to run clang-format over your patch, as this applies elsewhere as well.

Why are these allowed? They can result in ODR violations if they are in a header file.

nest -> nested

Why the lookup parent instead of getParent()? Also, can this ever return a nullptr?

static -> Static

dand -> and

I don't think that this should be okay (same with static/const int examples above). See https://www.securecoding.cert.org/confluence/display/cplusplus/DCL59-CPP.+Do+not+define+an+unnamed+namespace+in+a+header+file for more details.

Is there a reason this is under unittests instead of as actual clang-tidy test files? I would prefer to see this run through clang-tidy on the shell instead of in the unit tests, unless there's something we cannot otherwise test.

Yeah, it's not a good practice to define an an unnamed namespace in header file (Google cpp code style also suggests that).

But I think internal linkage variables are ok here, the variable only be visible in current translation unit which will not cause ODR violation. And It's common to define a static const constant in C++ header file.

BTW, the sample code in the link can be compiled in g++ v4.8

I'm not sure about this. The reason I put the test in unittest is that I see the other header checks(GlobalNamesInHeadersCheck) are also in the unittest. It would be better to keep the consistency.

They do cause ODR violations. In addition to the CERT link above, see http://stackoverflow.com/questions/23652156/how-would-use-of-unnamed-namespaces-in-headers-cause-odr-violations for further information.

I was arguing for consistency as well -- clang-tidy tests are run via lit instead of unit tests unless there's a reason to do otherwise. It sounds like there's no reason for these to be unit tests.

Yep, I've found this out myself, but have forgotten to remove the comment.

I don't think "main file" is the right condition here. If we run clang-tidy on a header file, it will be the main file, but we still are interested in the diagnostics in it. So I don't see a better way to distinguish header files than looking at their extension (some projects might need the list of extensions to be configurable, but that's another story).

Do you expect this to improve performance?

I'd replace this with an assertion, since this bound node should always be a NamedDecl. To make this explicit, I'd also use the namedDecl matcher instead of decl above.

nit: Use of the same variable name distracts from the essence of the example. Please use unique variable names.

nit: Missing ; after 1.

nit: Please remove two ='s.

You mean, the EXPECT_EQ macro doesn't work with raw string literals somehow? That sounds strange.

I don't feel strongly about this, but I generally prefer lit tests as well, since they allow to test both messages and fixes easily and with less boilerplate. It's true, that setting up a test case with multiple header files may be somewhat easier in a unit test (where everything is described in a single place), but this doesn't seem to be the case.

Once you start testing fixits, a lit test will immediately become a simpler solution.

I would argue that if you run clang-tidy on just the header file, you might know what you are doing and expect to not see those diagnostics at all.

Relying on the extension makes this far less useful, IMO. For instance, even on this second try, the checker will fail to catch ODR violations in STL-style header files. You can #include "file.cpp" just as easily as "file.h" (as we do with .inc files, for instance), and that can still result in ODR violations too. To me, the extension isn't what makes this checker do interesting work, it's the fact that these can only be violations when the file is included in multiple TUs (except we can only check one TU at a time, so looking for the file to be included is the best we can do).

Possibly improve performance (I would suspect there are a lot of varDecls and a fair number of functionDecls in the main file), but I also prefer the checkers to be as declarative as possible. It makes it easier (at least for me) to reason about what AST nodes the check is ultimately interested in.

I would argue that if you run clang-tidy on just the header file, you might know what you are doing and expect to not see those diagnostics at all.

I don't agree here. What one runs the check on is a purely technical detail. It may be even hidden from the user by tooling (e.g. editor or code review integration).

Relying on the extension makes this far less useful, IMO. For instance, even
on this second try, the checker will fail to catch ODR violations in STL-style
header files.

We can make it work for STL-style header files by treating extensionless files as headers. Or make this filter a regular expression or something like that.

You can #include "file.cpp" just as easily as "file.h" (as we do with .inc files, for instance), and that can still result in ODR violations too.

We don't usually include .cpp files. And the .inc extension says the file is a textual include and usually can't be parsed on its own. And it's very uncommon to actually compile .h files on their own as a part of the build. So I'm inclined to treat the file extension as a valuable piece of information regarding its intended use.

To me, the extension isn't what makes this checker do interesting work, it's the
fact that these can only be violations when the file is included in multiple TUs

If someone includes a ".cpp" file, it's a problem, but, IMO, detection of actually present ODR violations is a task for a different tool (possibly, another clang-tidy check, once we have multi-translation-unit support). This check's purpose is to detect a certain class of issues that can potentially cause ODR violations.

(except we can only check one TU at a time, so looking for the file to be
included is the best we can do).

We can do even better by utilizing the information we already have in the file name. Do you see any specific issues that can result from this?

As noted above, "main file" is not a useful condition here. However, it's certainly possible to move some of the checks from the check method to matcher(s) (e.g. isLocationInHeaderFile). I don't feel strongly about that.

You can #include "file.cpp" just as easily as "file.h" (as we do with .inc files, for instance), and that can still result in ODR violations too.

We don't usually include .cpp files. And the .inc extension says the file is a textual include and usually can't be parsed on its own. And it's very uncommon to actually compile .h files on their own as a part of the build. So I'm inclined to treat the file extension as a valuable piece of information regarding its intended use.

The point I was getting at is that an extension is arbitrary, though somewhat conventionally-named. I don't see it as being particularly valuable in this case because "has this file been included" is sufficient information to determine whether we want to diagnose or not. I guess that these arguments all boil down to which is more likely to happen: a header file with an extension we don't capture (because user's aren't going to *know* to customize the header file extension list, generally), or the user running this checker on just the header file, but never a source file that includes the header file. While I can think of cases where the user runs it on just the header file, they seem few and far between.

Perhaps another solution to this is use isInMainFile() || usesHeaderFileExtension().

We can do even better by utilizing the information we already have in the file name. Do you see any specific issues that can result from this?

The file extension is never going to be sufficient, or even accurate, information because the extensions are just conventions and not everyone follows the typical ones. For instance, you said that .inc files usually cannot stand on their own, but that isn't strictly followed even in our project (some of the table-generated source files are .inc files that stand alone). Since this check's predominate purpose is to prevent possible ODR violations, inclusion gives more pertinent information, IMO.

@aaron, what do you mean the AST matcher here? Could you explain it a bit more?

Currently, your code checks whether something is in the header file as part of the check() callback and early returns out of it; I was suggesting making the header file check part of the AST matcher in registerMatchers() instead, so that check() isn't called on declarations that are outside of a header file at all. This makes the matcher declaratively more accurate, and it could have a (likely minor) positive performance impact.

We're looking at the problem from different angles. My view is that a reasonable file naming convention (which at least makes interface header files, textual headers and main files distinguishable) is a widespread enough practice, and the benefits it brings outweigh the costs of enforcing it. However, the opposite point of view also has its right to exist, so we need a solution that fits both ;)

Perhaps another solution to this is use isInMainFile() || usesHeaderFileExtension().

You probably meant !isInMainFile() || usesHeaderFileExtension(). I guess, that will work for us. We could also make the list of header file extensions (or a regular expression pattern for header files) configurable, so that the usesHeaderFileExtension() part could be disabled, if needed.

We're looking at the problem from different angles. My view is that a reasonable file naming convention (which at least makes interface header files, textual headers and main files distinguishable) is a widespread enough practice, and the benefits it brings outweigh the costs of enforcing it. However, the opposite point of view also has its right to exist, so we need a solution that fits both ;)

Perhaps another solution to this is use isInMainFile() || usesHeaderFileExtension().

You probably meant !isInMainFile() || usesHeaderFileExtension(). I guess, that will work for us. We could also make the list of header file extensions (or a regular expression pattern for header files) configurable, so that the usesHeaderFileExtension() part could be disabled, if needed.

Oops, you are correct, I meant !isInMainFile(). :-) I definitely agree that we should make the header file extensions configurable. Would it make sense if this were a global option that any checker can use? We have 3-4 other checkers that care about header files as well, and it would be nice if they all behaved consistently without the user having to write a lot of options for each checker.

I'm :+1 on making header file extensions configurable. I think we can do that in a new patch.

Having to configure this in a single place would be convenient. OTOH, I can imagine corner-cases, where a single option would be undesired. One thing we could do is to allow global options that can be overridden for each check. Something along the lines of (modulo tests):

  std::string OptionsView::get(StringRef LocalName, std::string Default) const {
-   const auto &Iter = CheckOptions.find(NamePrefix + LocalName.str());
+   auto Iter = CheckOptions.find(NamePrefix + LocalName.str());
    if (Iter != CheckOptions.end())
      return Iter->second;
+   // Fallback to global setting, if present.
+   Iter = CheckOptions.find(LocalName.str());
+   if (Iter != CheckOptions.end())
+     return Iter->second;
    return Default;
  }

Alternatively, we could add another method (e.g. getLocalOrGlobal) to make the usage of the global setting explicit.

What do you think?

This should read "Having a way to configure this in a single place ..."

I'm :+1 on making header file extensions configurable. I think we can do that in a new patch.

Yep, this is fine for a follow-up.

About the internal linkage variable definition, how about only warning the variable in unnamed namespace?

The const/static variable definitions in header are used more widely (We also find there are a lot of such usages in Google code repo), and Google C++ code style doesn't explicitly give suggestions about such const/static usages.

I'd say "ignored for now" instead of "allowed". We might want to flag them in the future, but these are used quite frequently, so we don't warn on these now to keep the number of warnings under control.

Maybe there should be an option for these cases.

nit: It's a warning, not error. Also, please use proper capitalization and punctuation:

int a = 1; // Warning.

or maybe even include the message:

int a = 1; // Warning: "variable definition is not allowed in header file".

Same holds for // ok: They should either be // OK. or maybe explain why certain patterns don't generate a warning.

The // ok comments add no new information. Either explain why are these OK, or just remove the comments.

We usually leave each distinct warning message full once and truncate the other CHECK-MESSAGES patterns to fit to the 80 characters limit (e.g. here I'd remove the in header file [misc-definitions-in-headers] part).

Please place the new extension after '.cpp' - it seems to be most relevant there.

I suggest that we ignore these for now and maybe add an option later.

Done. I have also updated my comments here for these cases. Right now it should be ready for review again. Thanks.

Having to configure this in a single place would be convenient. OTOH, I can imagine corner-cases, where a single option would be undesired. One thing we could do is to allow global options that can be overridden for each check. Something along the lines of (modulo tests):

<snip>

Alternatively, we could add another method (e.g. getLocalOrGlobal) to make the usage of the global setting explicit.

What do you think?

I think that's a good idea, and definitely agree it can be done in a follow-up patch.

I think we should also have a case for an extension-less file here (for people who write headers like <string>).

I suggest that we ignore these for now and maybe add an option later.

For the static and const declarations I can see some benefit to ignoring for now, but the unnamed namespace in a header file is sufficiently nasty that many coding guidelines explicitly forbid it because of ODR violations (it really doesn't do what users think it will do). It's especially strange that we will warn about using a *named* namespace in a header file, but not an *unnamed* namespace, which is decidedly more behaviorally strange. I would prefer to see the check catch at least unnamed namespaces, if not static or const variable declarations.

Also, I would be interested in hearing what "a lot of such usages in Google" means in more concrete terms for static or const definitions in header files, if you're able to share those numbers. I don't foresee that changing the requirements for this patch, but I'd still be curious to know for when I work on CERT's secure coding rules.

For the static and const declarations I can see some benefit to ignoring for now, but the unnamed namespace in a header file is sufficiently nasty that many coding guidelines explicitly forbid it because of ODR violations (it really doesn't do what users think it will do). It's especially strange that we will warn about using a *named* namespace in a header file, but not an *unnamed* namespace, which is decidedly more behaviorally strange. I would prefer to see the check catch at least unnamed namespaces, if not static or const variable declarations.

Done.

Also, I would be interested in hearing what "a lot of such usages in Google" means in more concrete terms for static or const definitions in header files, if you're able to share those numbers. I don't foresee that changing the requirements for this patch, but I'd still be curious to know for when I work on CERT's secure coding rules.

Yes, the const/static definitions are used widely in header files. The number is ~200,000 including third-party projects.

nit: This name is not clear to me. Did you mean isHeaderFileExtension or usesHeaderFileExtension?

I'm going to disappoint you: any string ends with an empty string ;)

You'll need a better logic for comparing extensions. llvm::sys::path::extension() might be useful here.

nit: I'd say in plural: Inline functions are allowed.. Same below.

Maybe add the name of the variable to the message? This would help users to understand the cause of the warning easier in case of macros, for example.

Same for the other message.

Also, we shouldn't say not allowed (not allowed by whom/what? Google C++ style guide? this check is not Google-specific, so it shouldn't rely on the user knowing/caring about Google C++ style). The message doesn't make it clear that variable definitions in header files are dangerous in general, not only this specific definition.

I'd phrase the message along the lines of "variable '%0' defined in a header file; variable definitions in header files can lead to ODR violations".

IsHeaderFileExtension is more descriptive. Have renamed to it now.

Actually, this name is also confusing, but I don't have a better idea now. Let's leave it like this.

I think, this should be opposite for two reasons:

1. variable definitions and declarations in system headers are not better than in user headers and can lead to the same problems;
2. there are people who care about system headers, so we need to produce diagnostics on them and let clang-tidy filter them out when not needed.

nit: add a space before the '('

nit: the sentence should end with a period, not a comma.

Please specify each distinct warning message (in your case, there are two of them) completely (including the check name) once. Having it in the test (just once) is useful to verify that the message is formatted correctly (in your case, there's no space after the ';', for example).

Didn't notice it. Done (also add a space after ";").

Now please address the "including the check name" part and I'm happy ;)