This matcher already exists either as global matcher or in some other check. please refactor it out.

const fixing is a complicated issue. I would rather not do this now, as there is currently a patch in flight that does the general case.
If you really want it, there is a util for that in clang-tidy/util/ that is able to do some const-fixing.

Please describe the check with one sentence and sync that with the check documentation.

Please adjust the documentation here as well :)

Please add test-cases for pointers and references of builtins (int and the like) and classes/structs/enums/unions, function pointers and member function/data pointers.
We need to consider template variables as well (i think a c++14 feature).

I am not sure about the consteval support in clang for c++20, but for each feature from a newer standard its better to have a additional test-file that will use this standard.

Please write the comments as full sentences with punctuation. I think ... only the data they reference ....

The matchers here are not pointers/references. Therefore, the llvm guidelines say they should not be const.

each of those ifs should return early, or could multiple match?
If only one can match the structure could be changed a bit to

if (const auto* Variable = Result.Nodes.getNodeAs<VarDecl>("non-const_variable")) {
    diag(...);
    return;
}

If you change the order of the ifs in the order of matches you expect to happen most, this should be a bit faster as well, as retrieving the matches introduces some overhead that is not relevant in the current situation.

If you keep only one statement within the if you should ellide the braces, per coding convention.

The official name is "C++ Core Guidelines", i think we should stick to that.
And please ellide the new empty line above.

Please add a link to the affected section and provide a small example (can be the example from the guidelines) what is diagnosed and why.

diagnosing those might be undesired. maybe having an option to enable/disable this would be nice?
We should try to allow reducing the noise level of clang-tidy.

Why are you filtering out anonymous namespaces?

Based on my reading of the C++ core guideline, I think there should be a different two diagnostics. One for the declaration of i and one for the declaration of i_ptr, because of this from the rule:

The rule against global variables applies to namespace scope variables as well.

I'd sink the local variables into the if statement:

if (const auto *Var = Result.Nodes.getNodeAs<VarDecl>("non-const_variable")) {
  ...
}

(If you don't want to wrap lines, you can make the string literals a bit shorter.)

pointed to -> pointed-to

Spurious semicolon

Can re-flow this string literal.

Spurious semicolon.

Can re-flow this string literal.

pointed to -> pointed-to

Add backticks around things that should be in code font like NoMembers.

Backticks here as well.

Rather than NoMembers, how about going with IgnoreDataMembers?

Please add a newline to the end of the file.

list.rst changed, you should update this!
Thanks

It is, however, at namespace scope which is what the C++ Core Guideline suggests to diagnose. Do you have evidence that this is the interpretation the guideline authors were looking for (perhaps they would like to update their suggested guidance for diagnosing)?

There are two dependency issues to global variables -- one is surprising linkage interactions (where the extern nature of the symbol is an issue across module boundaries) and the other is surprising name lookup behavior within the TU (where the global nature of the symbol is an issue). e.g.,

namespace {
int ik;
}

void f() {
  for (int ij = 0; ik < 10; ij++) { // Oops, typo, but still compiles
  }
}

That's why I think the guideline purposefully does not exclude things like anonymous namespaces.

Sorry for not being clear -- the string literal spans three lines when it only needs to span two by re-writing the literal. e.g.,

"member variable %0 provides global access to non-const type, "
"consider making the pointed-to data const"

I'd like to follow that discussion so that I can be consistent with my review advice, too.

Ah, yes that's looks better of course. Will fix that in coming update.

I don't have any evidence. To me the guideline still looks a bit draft-like, so I just tried my best guess as to the intent of the guideline.
In reading the guideline I get the impression that the intent is to avoid globally accessible data which is mutable,
mainly for two reason:

• It's hard to reason about code where you are dependent upon state which can be changed from anywhere in the code.
• There is a risk of race conditions with this kind of data.

Keeping the variable in an anonymous namespace seems to deals with the issues which I interpret to be the focus of this guideline.
Consider that the guideline is part of the interface section. If the variable is declared in an anonymous namespace there is no risk that a user of some service interface adds a dependency to that variable, since the variable will be a hidden part of the provider implementation.

Admittedly the wording doesn't mention an exception for anonymous namespaces, and the sentence you have referenced seems to suggest that any non-const variable in namespace scope should be matched.
I'm guessing though, that was intended to clarify that a variable is still global even if in a (named) namespace, because that would not have been an obvious interpretation otherwise.
Without the referenced sentence one might interpret only variables outside of namespace scope as global.
Arguably a variable in namespace scope isn't globally declared, though it is globally accessible, via the namespace name. I think the global accessibility is the reason for dragging in variables from namespace scope and if that is the case then we shouldn't also need to worry about anonymous namespaces.
This should probably be clarified in the actual guideline.

Good point!

I propose this patch to explain
https://reviews.llvm.org/D71963

this is a lazy copy and paste of
https://github.com/Ericsson/codechecker/blob/master/config/config.md

It should not be there. It won't be referenced on the list.

If you are uncomfortable setting a severity, leave it empty but it should clearly move above, not on the toctree

Great, will make sure to contribute some feedback to that.

This should probably be clarified in the actual guideline.

This sort of thing comes up with coding guidelines from time to time and the way we usually handle it is to ask the guideline authors for guidance. If they come back with an answer, then we go that route (while the authors fix the text) and if they don't come back with an answer, we muddle our way through. Would you mind filing an issue with the C++ Core Guideline folks to see if they can weigh in on the topic? If they don't respond in a timely fashion, I think it would make more sense to err on the side of caution and diagnose declarations within anonymous namespaces. This matches the current text from the core guideline, and we can always relax the rule if we find it causes a lot of heartache in the wild. (If you have data about how often this particular aspect of the check triggers on large real-world code bases, that could help us make a decision too.)

I sent a pull request to the guide lines, suggesting a clarification. If that is addressed in the near future I guess we can go on what they say about the pull request. If it takes to long I'll just modify the code to warn in anonymous namespace as well.
https://github.com/isocpp/CppCoreGuidelines/pull/1553

Thank you, I think that approach makes sense.

missing return?

I would prefer if the I.2 of C++ Core Guidelines is a link and to remove the link-string below this paragraph.

This is technically not valid code, as the pointer needs to be initialized and a ; is missing. I think that should be fixed to not mislead inexperienced programmers.

No, one of the below matchers may also be valid, in case we have a non-const member variable which is also a pointer or reference to non-const data.

I see. Please add a FALLTHROUGH comment or the like, as it breaks the pattern a lot and is not obvious from local code.

It seems to me like this list is still generated the old way if one uses add_new_check.py to add a new check.
@sylvestre.ledru could you please also adapt that script to generate the table instead of the list?

I think these cases should be combined to avoid duplication.

if (const auto *VD = Result.Nodes.getNodeAs<VarDecl>("whatever")) {
  diag(VD->getLocation(), "variable %0 provides global access to a non-const object; considering making the %select{referenced|pointed-to}1 data 'const'") << VD << VD->getType()->isReferenceType();
  return;
}

the matcher needs to be changed to bind to the same id for both cases.

Note, this rewords the diagnostic slightly to avoid type/object confusion (the variable provides access to an object of a non-const type, not to the type itself).

This isn't legal code.

This isn't legal code either.

You may want to run the example through the compiler to catch these sort of things.

You mean just the pointer and reference cases right? That matcher seems to get much more complicated, I'm having some trouble accomplishing that. Are you sure that's necessary? What would the cases of duplication be?

You mean just the pointer and reference cases right?

Yup!

Are you sure that's necessary? What would the cases of duplication be?

Not strictly necessary, so if this turns out to be hard, I'm fine skipping it. However, I was thinking it would be something like:

// Registering checks
Finder->addMatcher(GlobalReferenceToNonConst.bind("qual-non-const"), this);
Finder->addMatcher(GlobalPointerToNonConst.bind("qual-non-const"), this);

// In check
if (const auto *VD = Result.Nodes.getNodeAs<VarDecl>("qual-non-const")) {
  diag(VD->getLocation(),
          "variable %0 provides global access to a non-const object; considering making the %select{pointed-to|referenced}1 data 'const'") << VD << VD->getType()->isReferenceType();
  return;
  }