Static checker frameworks support software developers by automatically
discovering bugs that fit general-purpose bug patterns. These frameworks ship
with hundreds of detectors for such patterns and allow developers to add custom
detectors for their own projects. However, existing frameworks generally
encode detectors in imperative specifications, with extensive details of not
only \emph{what} to detect but also \emph{how}. These details complicate
detector maintenance and evolution, and also interfere with the
framework's ability to change how detection is done, for instance, to make the
detectors incremental.

In this paper, we present \textsc{JavaDL}, a Datalog-based declarative specification
language for bug pattern detection in Java code. \textsc{JavaDL} seamlessly supports both
exhaustive and incremental evaluation from the same detector specification.
This specification allows developers to describe local detector components
via \emph{syntactic pattern matching}, and nonlocal (e.g., interprocedural)
reasoning via \emph{Datalog-style logical rules}.

We compare our approach against the well-established SpotBugs and Error Prone
tools by re-implementing several of their detectors in \textsc{JavaDL}. We find that
our implementations are substantially smaller and similarly effective at
detecting bugs on the Defects4J benchmark suite, and run with competitive
runtime performance. In our experiments, neither incremental nor exhaustive
analysis can consistently outperform the other, which
highlights the value of our ability to transparently switch execution modes.
We argue that our approach showcases the potential of \emph{clear-box static
checker frameworks} that constrain the bug detector specification language to
enable the framework to adapt and enhance the detectors.