In this chapter, we explored how the Clang Static Analyzer differs from simple bug detection tools that run on the compiler frontend. We provided examples where the static analyzer is more accurate and explained that there is trade-off between accuracy and computing time, and that the exponential-time static analyzer algorithm is unfeasible to be integrated into the regular compiler pipeline because of the time it needs to complete its analyses. We also presented how to use the command-line interface to run the static analyzer on simple projects and a helper tool called scan-build to analyze large projects. We finished this chapter by presenting how to extend the static analyzer with your own path-sensitive bug checker.

In the next chapter, ...