This seems like an extension? I think that we want to explicitly mark this as an extension, as this is not available in GCC AFAIK.

Is this meant for C or C++? Given that the docs reference the C++20 designated initialization, I suspect that this is meant for C++, in which case, we should restrict this to the C++ language. At which point, perhaps we should restrict the spelling to the C++ attribute syntax as well?

This seems like an extension as well? I’m not sure that the spelling here is good. It seems overly general. At the very least, something like __attribute__((__designated_initialization_required__)) seems better.

I think it would be better to reference the specification instead of a link to cppreference. Also, I think its better to use the language agnostic URL.

I would just use auto, you spell out the type in the expression.

TD && is tautologically true. Please drop it.

I would use auto as you spell out the type in the expression.

I would just combine this with the previous like and unindent the rest of the path by using the following:

if (!isa<DesignatedInitExpr>(init))
  continue;

A new line before this line would be nice.

Any reason that this cannot be const auto *FD?

Why the macro?

Why the macro?

I modeled this file after test/SemaCXX/attr-require-constant-initialization.cpp where a macro is defined at the top. I assume just to keep things neat.

See above.

This should be RequiresDesignator.

This should use the Clang attribute spelling rather than CXX11.

I'd prefer this be named requires_designator.

I'm a bit confused by this subject -- it's a declaration attribute that appertains to types? Why is this not RecordDecl instead?

This should be RequiresInit

This should also use the Clang spelling. Also, I'd prefer this be named requires_init.

As it stands, these two attribute names are *way* too similar.

The behavior should be documented as to what happens when you apply these attributes to unions.

anytime -> any time

struct's -> structure's

anytime -> any time
struct/class -> struct

I'm a little uncomfortable with these being errors rather than warnings. I think of these attributes as being preferences rather than requirements; the code isn't *wrong* if it fails to use the designated initializer (it's conforming to C or C++, does not have UB, etc) and other implementations are free to ignore those attributes and the end result will be identical to what's produced by Clang.

What do you think about turning these into warnings? Users can always use -Werror to strengthen their own requirements.

Any reason this shouldn't be const auto *? (Propagated elsewhere.)

You can use a range-based for loop over inits(), I believe. Also, the variable should be named Init to meet the coding style.

Rather than use hasAttr<> and getAttr<> like this, you should only use getAttr<> above. e.g., if (const auto *RAttr = TD->getAttr<RequireDesignatedInitAttr>()).

You can use const auto * here.

inits() and Init, as above.

const auto *

Name per coding styles.

const auto *

const auto *A (naming conventions and not conflicting with a type name).

const auto *

Don't do hasAttr<> followed by getAttr<>, also watch the naming conventions.

const auto *

const auto *

hasAttr<> followed by getAttr<>, as above.

Currently, both of these functions aren't needed (once you fix the code in Attr.td) because the checking is handled automatically for you. You can use handleSimpleAttribute() instead, from within the switch below.

I think you're missing the changes for the other attribute.

What should happen in these sort of situations?

class C {
  ATTR int x; // This field is private
};

struct S {
  ATTR int x;
};

struct D : private S { // S::x is private when referenced through D
};

If we're ignoring the attribute, we should diagnose it as being ignored. But I'm also not certain how friendship should interact with this.

FWIW, I prefer seeing the attribute used explicitly. The macro is more of a distraction.

I think this should ignore fields that cannot be initialized, as in:

class C {
  int a;
protected:
  int b;
public:
  int c;
};

C c{.c = 12}; // Don't complain about a or b.

I'd also like to see more involved situations, like classes with inherited fields, privately inherited classes, etc. Also, some tests with unions would be appreciated as well.

Same concerns here as above.

That makes sense, I'll make the change.

Hmm, after making this suggestion, I noticed that GCC seems to support a similar attribute named designated_init (https://gcc.gnu.org/onlinedocs/gcc/Common-Type-Attributes.html#Common-Type-Attributes). Was your goal to support the same thing GCC supported?

These new warnings should be controlled under a diagnostic group. I would recommend designated-init because that's what's used by GCC for their attribute, but that's only because I am assuming you want your attribute to match their behavior.

const auto * here as well?

You don't use DIE -- this should switch to an isa<> instead.

const auto * here and below?

designated_init is a suggestion, the original patch seemed to be a stronger version. I think that we should be supporting the GNU spelling for designated_init and can support a Clang spelling of requires_designated_init if the goal is to have the stronger guarantee that this *must* happen.

I hadn't known about the GCC attribute until now. Yes, the requires_designator (originally require_designated_init) attribute wants to enforce the same thing I believe. I couldn't find more documentation for the GCC designated_init attribute so it's a little tough to tell whether the behavior is the exact same. The attribute in this patch allows a field to be default constructed (unless the other attribute is applied to that specific field) but enforces that a brace initializer must be used. So Foo foo {}; would be valid (every field is default constructed) but Foo foo; would not be valid. I'm not sure if that's the same behavior the GCC attribute is trying to enforce. But on a high level, both are trying to prohibit using positional args when declaring a struct.

@compnerd I don't mind this attribute generating warnings rather than errors. It's ok for this attribute to be a "suggestion" as well. Like @aaron.ballman mentioned, "users can always use -Werror to strengthen their own requirements."

I think the correct approach then is: add this attribute under the name designated_init with the GCC spelling kind and match GCC's behavior for it (or, if we don't want to match GCC's behavior, note where we differ and why). We should put its diagnostics under a -Wdesignated-init warning group.

The next question is: are you interested in finding out whether GCC would be willing to implement the requires_init attribute? If GCC is interested in picking it up, then we can name it with the GCC spelling as well. If the GCC folks are not interested in picking up the attribute, then we should probably leave it with the Clang spelling. I'd recommend we put the diagnostics into the -Wdesignated-init warning group as well.

I think both of these attributes should also be available in C2x mode as well, but that can probably be done in a follow-up patch as it will involve tablegen changes and opens up other questions (i.e., does GCC handle C2x attributes yet, and if they do, are they making designated_init available in that mode?).

For now, adding a requires_init attribute to a field of a union will result in a warning that the attribute is ignored. In the future, I might submit another patch in the future adding behavior for this attribute for fields of a union.

Why does this have a Clang spelling in addition to the GCC spelling? I think it only needs the GCC spelling.

Please show the struct declaration itself as part of the code block.

Same here.

Why is it valuable to differ from GCC's behavior in this regard?

Given that it can be added to class types, I wonder what the behavior should be for code like:

struct Foo {
  int a = 1;
  int b, c;
  int d = 4;
};

Foo foo = {...};

Does the initializer for foo have to specify .a and .d?

Attribute name seems stale here.

Missing a full stop at the end of the comment.

This attribute spelling seems wrong, it should be designated_init, no?

You can drop the call to getTypePtr() and just use the overloaded operator->() instead.

Attribute spelling is stale in this comment.

Attribute name is stale in this comment.

This is the wrong place to do this work -- it should be done from SemaDeclAttr.cpp when processing the attribute. We should avoid adding the attribute in the first place rather than adding the attribute and then later removing it.

HasNonPublicMember = llvm::any_of(RD->fields(), [](const FieldDecl *FD) { return FD->getAccess() != AS_public; });

No need for this, you can just use cast<> directly, as the subject was already checked by the common attribute handling code.

I would probably rewrite this as:

if (cast<FieldDecl>(D)->getParent()->isUnion()) {
  S.Diag(...);
  return;
}

D->addAttr(...);

Do not use auto here as the type is not spelled out in the initialization.

I kept the Clang spelling so that there's naming consistency between the two attributes (requires_designator and requires_init). I can remove it if it's redundant/unnecessary, let me know.

The motivation behind GCC's attribute seems to be to avoid using positional arguments:

The intent of this attribute is to allow the programmer to indicate that a structure’s layout may change, and that therefore relying on positional initialization will result in future breakage.

The motivation behind this attribute is a little bit different. Instead of avoiding the use of positional arguments, the goal of this attribute is to bring ObjC-style named parameters to C/C++ and to be able to enforce their use in certain situations. In line with this goal, we wanted to forbid the following pattern:

Foo foo;
foo.x = 42;
foo.y = 36;

That's why this attribute enforces that all declarations be brace-initialized.

The requires_designator attribute doesn't require that any of the fields have to be specified, only that designated initializer syntax has to be used. So, for the struct definition above, any of the following are valid:

Foo foo {};
Foo foo {.a = 1, .b = 2, .c = 3, .d = 4};
Foo foo {.b = 2, .c = 3};

Any of the fields can be left out and default-initialized. I've added this example to the lit tests for the attribute.

Does it make more sense to use designated_init or requires_designator as the primary spelling for this attribute? I chose to use the requires_designator spelling so that the two attributes have consistent and similar spellings. Let me know if you think it should be the other way around (or if you want the Clang spelling removed entirely).

See comments above about keeping this spelling.

See question above regarding attribute spelling.

I thought about this a lot because I agree, it feels wrong to remove the attribute once it is already added to a field, struct, etc. However I could not think of any other way or any other place to do this check. Since all fields of the struct need to have been processed already in order to check whether there are any non-public members, it seems like the only place to do this check is at the end of handling the entire TagDecl. When the struct-level and field-level attributes are attached, we don't yet have information about the access modifiers of all the members.

This is tricky. I don't see any value in [[clang::requires_designator]] in C++ mode because [[gnu::designated_init]] suffices, so I'd kind of prefer to see the Clang spelling go away. This attribute can also be used in C with __attribute__((designated_init)) which is great, but I'd also like to see it be made available in C with double square bracket syntax (supported in C2x or via a feature flag). However, there is no [[gnu::designated_init]] supported by GCC, so it would be an abuse of the gnu namespace to add it there. Having a Clang spelling gets around that issue. That said, I suspect GCC will support C2x attributes at some point, so I would expect this attribute to be supported there eventually, so the issue remains.

I think I've convinced myself that we should just drop the Clang spelling and wait to handle the C2x square bracket attribute until later, since C users can still use the GNU spelling. You should also rename the attribute DesignatedInit and change the other places with the older spelling.

I may still be missing something, but your rationale feels a bit more like a style-based choice than preventing common mistakes that are hard to track down; I find the GCC rationale to be more compelling. What do you think about matching the GCC behavior in the compiler warning, but adding the additional restrictions you'd like to see as a clang-tidy check?

So if I had a structure declaration like:

struct S {
  int a = 1;
  int b = 2;
};

S s;

This would fail because s is not initialized with curly braces? I don't think that's a particularly good behavior for C++.

This is a bit moot since I think we'll want to drop the secondary spelling, but a better approach would be to use %0 and pass in the Attr object directly so that we get the name used by the user instead of a static attribute name.