Available Checks
The list of the checks the analyzer performs by default
| core.AdjustedReturnValue | Check to see if the return value of a function call is different than the caller expects (e.g., from calls through function pointers). |
| core.AttributeNonNull | Check for null pointers passed as arguments to a function whose arguments are marked with the 'nonnull' attribute. |
| core.CallAndMessage | Check for logical errors for function calls and Objective-C message expressions (e.g., uninitialized arguments, null function pointers). |
| core.DivideZero | Check for division by zero. |
| core.NullDereference | Check for dereferences of null pointers. |
| core.StackAddressEscape | Check that addresses to stack memory do not escape the function. |
| core.UndefinedBinaryOperatorResult | Check for undefined results of binary operators. |
| core.VLASize | Check for declarations of VLA of undefined or zero size. |
| core.builtin.BuiltinFunctions | Evaluate compiler builtin functions (e.g., alloca()). |
| core.builtin.NoReturnFunctions | Evaluate "panic" functions that are known to not return to the caller. |
| core.uninitialized.ArraySubscript | Check for uninitialized values used as array subscripts. |
| core.uninitialized.Assign | Check for assigning uninitialized values. |
| core.uninitialized.Branch | Check for uninitialized values used as branch conditions. |
| core.uninitialized.CapturedBlockVariable | Check for blocks that capture uninitialized values. |
| core.uninitialized.UndefReturn | Check for uninitialized values being returned to the caller. |
| deadcode.DeadStores | Check for values stored to variables that are never read afterwards. |
| deadcode.IdempotentOperations | Warn about idempotent operations. |
| osx.API | Check for proper uses of various Mac OS X APIs. |
| osx.AtomicCAS | Evaluate calls to OSAtomic functions. |
| osx.SecKeychainAPI | Check for proper uses of Secure Keychain APIs. |
| osx.cocoa.AtSync | Check for null pointers used as mutexes for @synchronized. |
| osx.cocoa.ClassRelease | Check for sending 'retain', 'release', or 'autorelease' directly to a Class. |
| osx.cocoa.IncompatibleMethodTypes | Warn about Objective-C method signatures with type incompatibilities. |
| osx.cocoa.NSAutoreleasePool | Warn for suboptimal uses of NSAutoreleasePool in Objective-C GC mode. |
| osx.cocoa.NSError | Check usage of NSError** parameters. |
| osx.cocoa.NilArg | Check for prohibited nil arguments to ObjC method calls. |
| osx.cocoa.RetainCount | Check for leaks and improper reference count management. |
| osx.cocoa.UnusedIvars | Warn about private ivars that are never used. |
| osx.cocoa.VariadicMethodTypes | Check for passing non-Objective-C types to variadic methods that expect only Objective-C types. |
| osx.coreFoundation.CFError | Check usage of CFErrorRef* parameters. |
| osx.coreFoundation.CFNumber | Check for proper uses of CFNumberCreate. |
| osx.coreFoundation.CFRetainRelease | Check for null arguments to CFRetain/CFRelease. |
| unix.API | Check calls to various UNIX/Posix functions. |
In addition to these the analyzer contains numerous experimental (beta) checkers.