I don't think debug CSA checkers belong to clang-tidy. If one needs to dump CFG, they are probably doing quite involved stuff already, so going a step further and running clang -cc1 -analyze would not be difficult. The motivation for exposing alpha checkers (letting users test them and provide feedback) doesn't work for debug checkers.
There is word play here.
They are debug CSA checkers. But not all of them are debugging the CSA. Many of them are just utility checkers that could be just as easily a clang-tidy debug/utility checkers:
$ scan-build -h | grep " debug." debug.AnalysisOrder Print callbacks that are called during analysis in order <- for CSA debugging debug.ConfigDumper Dump config table <- for CSA debugging debug.DumpCFG Display Control-Flow Graphs <- debug.DumpCallGraph Display Call Graph <- debug.DumpCalls Print calls as they are traversed by the engine <- for CSA debugging debug.DumpDominators Print the dominance tree for a given CFG <- debug.DumpLiveVars Print results of live variable analysis <- debug.DumpTraversal Print branch conditions as they are traversed by the engine <- for CSA debugging debug.ExprInspection Check the analyzer's understanding of expressions <- for CSA debugging debug.Stats Emit warnings with analyzer statistics <- for CSA debugging debug.TaintTest Mark tainted symbols as such. <- for CSA debugging debug.ViewCFG View Control-Flow Graphs using GraphViz <- debug.ViewCallGraph View Call Graph using GraphViz <- debug.ViewExplodedGraph View Exploded Graphs using GraphViz <-
I roughly understand what debug CSA checkers are. However, I don't see much value in exposing them in clang-tidy. While it may be valuable to look at the CFG dump when developing a clang-tidy check, for example, but this can be done using clang
$ clang -cc1 -help | grep cfg -cfg-add-implicit-dtors Add C++ implicit destructors to CFGs for all analyses -cfg-add-initializers Add C++ initializers to CFGs for all analyses -cfg-dump Display Control-Flow Graphs -cfg-view View Control-Flow Graphs using GraphViz -unoptimized-cfg Generate unoptimized CFGs for all analyses
All CSA debug checkers can also be invoked using clang -cc1 --analyze. The only thing clang-tidy could bring is a possibility to more easily run all these tools on a file from a project that is using a compilation database. However, that doesn't seem like a very valuable functionality, because 1. working on small artificial test cases (or test cases reduced from real code) is easier, 2. in a rare case when a file from a real project needs to be analyzed, it's possible to get compilation arguments and feed them to clang (e.g. using clang-tidy -extra-arg=-v file.cpp).