Available Checks
The list of the checks the analyzer performs by default
| core.AdjustedReturnValue | Check to see if the return value of a function call is different than the caller expects (e.g., from calls through function pointers). |
| core.AttributeNonNull | Check for null pointers passed as arguments to a function whose arguments are marked with the 'nonnull' attribute. |
| core.CallAndMessage | Check for logical errors for function calls and Objective-C message expressions (e.g., uninitialized arguments, null function pointers). |
| core.DivideZero | Check for division by zero. |
| core.NullDereference | Check for dereferences of null pointers. |
| core.StackAddressEscape | Check that addresses to stack memory do not escape the function. |
| core.UndefinedBinaryOperatorResult | Check for undefined results of binary operators. |
| core.VLASize | Check for declarations of VLA of undefined or zero size. |
| core.builtin.BuiltinFunctions | Evaluate compiler builtin functions (e.g., alloca()). |
| core.builtin.NoReturnFunctions | Evaluate "panic" functions that are known to not return to the caller. |
| core.uninitialized.ArraySubscript | Check for uninitialized values used as array subscripts. |
| core.uninitialized.Assign | Check for assigning uninitialized values. |
| core.uninitialized.Branch | Check for uninitialized values used as branch conditions. |
| core.uninitialized.CapturedBlockVariable | Check for blocks that capture uninitialized values. |
| core.uninitialized.UndefReturn | Check for uninitialized values being returned to the caller. |
| deadcode.DeadStores | Check for values stored to variables that are never read afterwards. |
| osx.API | Check for proper uses of various Mac OS X APIs. |
| osx.AtomicCAS | Evaluate calls to OSAtomic functions. |
| osx.SecKeychainAPI | Check for proper uses of Secure Keychain APIs. |
| osx.cocoa.AtSync | Check for null pointers used as mutexes for @synchronized. |
| osx.cocoa.ClassRelease | Check for sending 'retain', 'release', or 'autorelease' directly to a Class. |
| osx.cocoa.IncompatibleMethodTypes | Warn about Objective-C method signatures with type incompatibilities. |
| osx.cocoa.NSAutoreleasePool | Warn for suboptimal uses of NSAutoreleasePool in Objective-C GC mode. |
| osx.cocoa.NSError | Check usage of NSError** parameters. |
| osx.cocoa.NilArg | Check for prohibited nil arguments to ObjC method calls. |
| osx.cocoa.RetainCount | Check for leaks and improper reference count management. |
| osx.cocoa.SelfInit | Check that 'self' is properly initialized inside an initializer method. |
| osx.cocoa.UnusedIvars | Warn about private ivars that are never used. |
| osx.cocoa.VariadicMethodTypes | Check for passing non-Objective-C types to variadic methods that expect only Objective-C types. |
| osx.coreFoundation.CFError | Check usage of CFErrorRef* parameters. |
| osx.coreFoundation.CFNumber | Check for proper uses of CFNumberCreate. |
| osx.coreFoundation.CFRetainRelease | Check for null arguments to CFRetain/CFRelease. | osx.coreFoundation.containers.OutOfBounds | Checks for index out-of-bounds when using 'CFArray' API. |
| osx.coreFoundation.containers.PointerSizedValues | Warns if 'CFArray', 'CFDictionary', 'CFSet' are created with non-pointer-size values. |
| security.FloatLoopCounter | Warn on using a floating point value as a loop counter (CERT: FLP30-C, FLP30-CPP). |
| security.insecureAPI.UncheckedReturn | Warn on uses of functions whose return values must be always checked. |
| security.insecureAPI.getpw | Warn on uses of the 'getpw' function. |
| security.insecureAPI.gets | Warn on uses of the 'gets' function. |
| security.insecureAPI.mkstemp | Warn when 'mkstemp' is passed fewer than 6 X's in the format string. |
| security.insecureAPI.mktemp | Warn on uses of the 'mktemp' function. |
| security.insecureAPI.rand | Warn on uses of the 'rand', 'random', and related functions. |
| security.insecureAPI.strcpy | Warn on uses of the 'strcpy' and 'strcat' functions. |
| security.insecureAPI.vfork | Warn on uses of the 'vfork' function. |
| unix.API | Check calls to various UNIX/Posix functions. |
| unix.Malloc | Check for memory leaks, double free, and use-after-free problems. |
| unix.MallocSizeof | Check for dubious malloc arguments involving sizeof. |
| unix.cstring.BadSizeArg | Check the size argument passed into C string functions for common erroneous patterns. |
| unix.cstring.NullArg | Check for null pointers being passed as arguments to C string functions. |
In addition to these the analyzer contains numerous experimental (beta) checkers.