Frederic Cambus discusses the importance of minimizing false positives in static analyzers for actionable reports. Coverity’s success in this area led to popularity despite being closed-source. LLVM offers the LLVM_ENABLE_Z3_SOLVER build option to use the Z3 solver for the Clang static analyzer, with instructions for Debian 11 but lacking in other distributions. Cambus added build options to llvm and clang packages in Pkgsrc for NetBSD users. Two methods for using Z3 with the Clang Static Analyzer are presented, one slower with external solver and one faster with refutation. Running the analyzer without Z3 can lead to false positives with default constraints.
https://www.cambus.net/clang-static-analyzer-and-the-z3-constraint-solver/