Can I write a standalone static analyzer?

Clang static analyzer is a great tool, but its checkers are only for general purpose. I want write some customized checkers. As I know, static analyzer is a port of clang, clang-tidy maybe a good choice, but it does not support path sensitive checker. It seems that I must modify clang source code? Can I write a standalone static analyzer which built on static analyzer module, but also support path sensitive checking?


Hi meritozh!

CSA supports and encourage you to write custom opt-in checkers. Please explain what does mean “general purpose” statement and in which context you have to implement a new tool?

Thanks, Alexey K

To further answer the question - I think meritozh may be saying “I wish I could write checkers without modifying the clang source code” to which the response is “you can!” You can compile your checker as a clang plugin to a shared object file and then load that plugin. That way there’s no need to recompile clang, but you are still able to write your own custom checkers.

You need to implement the clang_registerCheckers function in your plugin. See here:

Does that answer your question?
– Matthew P. Del Buono

Hi, thank you for your responses.

For Alexey, I have one method which can only be called in several special methods. Or one property, it must have a rvalue in any path, Thera are not general, I must do it by myself.

For Matthew, Clang Plugin is a better choice against modifying clang source code directly, but a plugin must be compatible with clang libraries in ABI level. Clang is a modern and modular project, so my question is, can I only link with several clang libraries, produce one tool which can do static analyze just like tools in clang-tools-extra? But it can also support path sensitive checking.

By the way, why clang-tidy can not support invoke path sensitive checkers?

P.S.: English is not my mother language, sorry for my poor English : (

Have you looked at clazy ( If it doesn't already
do what you want it might well show you how to do it yourself.


Though clazy doesn’t not support path sensitive checker, it is a great entry point for me to write a standalone tool for me. Thank you, Rene.

I think what Matthew proposed is the best way to go. You can see examples/analyzer-plugin in clang source tree - it compiles to a clang plugin that you can load into existing clang binary in run-time with a flag, and you can write your domain-specific checkers this way without modifying clang directly.

If you explicitly want a standalone tool like clang-tidy, then note that clang-tidy itself can run static analyzer checkers as well, including path-sensitive checkers as well. What i don't know, however, is whether you can load clang plugins from clang-tidy.

No, clang-tidy can not load clang plugin right now, but there is a tracking issue,
Finally, after trade-off, writing checker as plugin is the best way for me.

Thank you very much.