clang -cc1 -analyzer-checker-help, see https://gist.github.com/steipete/86c4db2cda22aa7427bb453907885c1f (Update for Xcode 9b1)

AvailailableAnalyzers

clang --version
Apple LLVM version 9.0.0 (clang-900.0.22.8)
Target: x86_64-apple-darwin16.7.0
Thread model: posix
InstalledDir: /Applications/Xcode-beta.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin

clang -cc1 -analyzer-checker-help
OVERVIEW: Clang Static Analyzer Checkers List

USAGE: -analyzer-checker <CHECKER or PACKAGE,...>

CHECKERS:
  alpha.clone.CloneChecker        Reports similar pieces of code.
  alpha.core.BoolAssignment       Warn about assigning non-{0,1} values to Boolean variables
  alpha.core.CallAndMessageUnInitRefArg
                                  Check for logical errors for function calls and Objective-C message expressions (e.g., uninitialized arguments, null function pointers, and pointer to undefined variables)
  alpha.core.CastSize             Check when casting a malloc'ed type T, whether the size is a multiple of the size of T
  alpha.core.CastToStruct         Check for cast from non-struct pointer to struct pointer
  alpha.core.Conversion           Loss of sign/precision in implicit conversions
  alpha.core.DynamicTypeChecker   Check for cases where the dynamic and the static type of an object are unrelated.
  alpha.core.FixedAddr            Check for assignment of a fixed address to a pointer
  alpha.core.IdenticalExpr        Warn about unintended use of identical expressions in operators
  alpha.core.PointerArithm        Check for pointer arithmetic on locations other than array elements
  alpha.core.PointerSub           Check for pointer subtractions on two pointers pointing to different memory chunks
  alpha.core.SizeofPtr            Warn about unintended use of sizeof() on pointer expressions
  alpha.core.TestAfterDivZero     Check for division by variable that is later compared against 0. Either the comparison is useless or there is division by zero.
  alpha.cplusplus.IteratorPastEnd
                                  Check iterators used past end
  alpha.cplusplus.MisusedMovedObject
                                  Method calls on a moved-from object and copying a moved-from object will be reported
  alpha.deadcode.UnreachableCode  Check unreachable code
  alpha.osx.cocoa.DirectIvarAssignment
                                  Check for direct assignments to instance variables
  alpha.osx.cocoa.DirectIvarAssignmentForAnnotatedFunctions
                                  Check for direct assignments to instance variables in the methods annotated with objc_no_direct_instance_variable_assignment
  alpha.osx.cocoa.InstanceVariableInvalidation
                                  Check that the invalidatable instance variables are invalidated in the methods annotated with objc_instance_variable_invalidator
  alpha.osx.cocoa.MissingInvalidationMethod
                                  Check that the invalidation methods are present in classes that contain invalidatable instance variables
  alpha.osx.cocoa.localizability.PluralMisuseChecker
                                  Warns against using one vs. many plural pattern in code when generating localized strings.
  alpha.security.ArrayBound       Warn about buffer overflows (older checker)
  alpha.security.ArrayBoundV2     Warn about buffer overflows (newer checker)
  alpha.security.MallocOverflow   Check for overflows in the arguments to malloc()
  alpha.security.ReturnPtrRange   Check for an out-of-bound pointer being returned to callers
  alpha.security.taint.TaintPropagation
                                  Generate taint information used by other checkers
  alpha.unix.BlockInCriticalSection
                                  Check for calls to blocking functions inside a critical section
  alpha.unix.Chroot               Check improper use of chroot
  alpha.unix.PthreadLock          Simple lock -> unlock checker
  alpha.unix.SimpleStream         Check for misuses of stream APIs
  alpha.unix.Stream               Check stream handling functions
  alpha.unix.cstring.BufferOverlap
                                  Checks for overlap in two buffer arguments
  alpha.unix.cstring.NotNullTerminated
                                  Check for arguments which are not null-terminating strings
  alpha.unix.cstring.OutOfBounds  Check for out-of-bounds access in string functions
  apiModeling.google.GTest        Model gtest assertion APIs
  core.CallAndMessage             Check for logical errors for function calls and Objective-C message expressions (e.g., uninitialized arguments, null function pointers)
  core.DivideZero                 Check for division by zero
  core.DynamicTypePropagation     Generate dynamic type information
  core.NonNullParamChecker        Check for null pointers passed as arguments to a function whose arguments are references or marked with the 'nonnull' attribute
  core.NullDereference            Check for dereferences of null pointers
  core.StackAddressEscape         Check that addresses to stack memory do not escape the function
  core.UndefinedBinaryOperatorResult
                                  Check for undefined results of binary operators
  core.VLASize                    Check for declarations of VLA of undefined or zero size
  core.builtin.BuiltinFunctions   Evaluate compiler builtin functions (e.g., alloca())
  core.builtin.NoReturnFunctions  Evaluate "panic" functions that are known to not return to the caller
  core.uninitialized.ArraySubscript
                                  Check for uninitialized values used as array subscripts
  core.uninitialized.Assign       Check for assigning uninitialized values
  core.uninitialized.Branch       Check for uninitialized values used as branch conditions
  core.uninitialized.CapturedBlockVariable
                                  Check for blocks that capture uninitialized values
  core.uninitialized.UndefReturn  Check for uninitialized values being returned to the caller
  cplusplus.NewDelete             Check for double-free and use-after-free problems. Traces memory managed by new/delete.
  cplusplus.NewDeleteLeaks        Check for memory leaks. Traces memory managed by new/delete.
  cplusplus.SelfAssignment        Checks C++ copy and move assignment operators for self assignment
  deadcode.DeadStores             Check for values stored to variables that are never read afterwards
  debug.AnalysisOrder             Print callbacks that are called during analysis in order
  debug.ConfigDumper              Dump config table
  debug.DumpBugHash               Dump the bug hash for all statements.
  debug.DumpCFG                   Display Control-Flow Graphs
  debug.DumpCallGraph             Display Call Graph
  debug.DumpCalls                 Print calls as they are traversed by the engine
  debug.DumpDominators            Print the dominance tree for a given CFG
  debug.DumpLiveVars              Print results of live variable analysis
  debug.DumpTraversal             Print branch conditions as they are traversed by the engine
  debug.ExprInspection            Check the analyzer's understanding of expressions
  debug.Stats                     Emit warnings with analyzer statistics
  debug.TaintTest                 Mark tainted symbols as such.
  debug.ViewCFG                   View Control-Flow Graphs using GraphViz
  debug.ViewCallGraph             View Call Graph using GraphViz
  debug.ViewExplodedGraph         View Exploded Graphs using GraphViz
  llvm.Conventions                Check code for LLVM codebase conventions
  nullability.NullPassedToNonnull
                                  Warns when a null pointer is passed to a pointer which has a _Nonnull type.
  nullability.NullReturnedFromNonnull
                                  Warns when a null pointer is returned from a function that has _Nonnull return type.
  nullability.NullableDereferenced
                                  Warns when a nullable pointer is dereferenced.
  nullability.NullablePassedToNonnull
                                  Warns when a nullable pointer is passed to a pointer which has a _Nonnull type.
  nullability.NullableReturnedFromNonnull
                                  Warns when a nullable pointer is returned from a function that has _Nonnull return type.
  optin.cplusplus.VirtualCall     Check virtual function calls during construction or destruction
  optin.mpi.MPI-Checker           Checks MPI code
  optin.osx.cocoa.localizability.EmptyLocalizationContextChecker
                                  Check that NSLocalizedString macros include a comment for context
  optin.osx.cocoa.localizability.NonLocalizedStringChecker
                                  Warns about uses of non-localized NSStrings passed to UI methods expecting localized NSStrings
  optin.performance.Padding       Check for excessively padded structs.
  osx.API                         Check for proper uses of various Apple APIs
  osx.NumberObjectConversion      Check for erroneous conversions of objects representing numbers into numbers
  osx.ObjCProperty                Check for proper uses of Objective-C properties
  osx.SecKeychainAPI              Check for proper uses of Secure Keychain APIs
  osx.cocoa.AtSync                Check for nil pointers used as mutexes for @synchronized
  osx.cocoa.ClassRelease          Check for sending 'retain', 'release', or 'autorelease' directly to a Class
  osx.cocoa.Dealloc               Warn about Objective-C classes that lack a correct implementation of -dealloc
  osx.cocoa.IncompatibleMethodTypes
                                  Warn about Objective-C method signatures with type incompatibilities
  osx.cocoa.Loops                 Improved modeling of loops using Cocoa collection types
  osx.cocoa.MissingSuperCall      Warn about Objective-C methods that lack a necessary call to super
  osx.cocoa.NSAutoreleasePool     Warn for suboptimal uses of NSAutoreleasePool in Objective-C GC mode
  osx.cocoa.NSError               Check usage of NSError** parameters
  osx.cocoa.NilArg                Check for prohibited nil arguments to ObjC method calls
  osx.cocoa.NonNilReturnValue     Model the APIs that are guaranteed to return a non-nil value
  osx.cocoa.ObjCGenerics          Check for type errors when using Objective-C generics
  osx.cocoa.RetainCount           Check for leaks and improper reference count management
  osx.cocoa.SelfInit              Check that 'self' is properly initialized inside an initializer method
  osx.cocoa.SuperDealloc          Warn about improper use of '[super dealloc]' in Objective-C
  osx.cocoa.UnusedIvars           Warn about private ivars that are never used
  osx.cocoa.VariadicMethodTypes   Check for passing non-Objective-C types to variadic collection initialization methods that expect only Objective-C types
  osx.coreFoundation.CFError      Check usage of CFErrorRef* parameters
  osx.coreFoundation.CFNumber     Check for proper uses of CFNumber APIs
  osx.coreFoundation.CFRetainRelease
                                  Check for null arguments to CFRetain/CFRelease/CFMakeCollectable
  osx.coreFoundation.containers.OutOfBounds
                                  Checks for index out-of-bounds when using 'CFArray' API
  osx.coreFoundation.containers.PointerSizedValues
                                  Warns if 'CFArray', 'CFDictionary', 'CFSet' are created with non-pointer-size values
  security.FloatLoopCounter       Warn on using a floating point value as a loop counter (CERT: FLP30-C, FLP30-CPP)
  security.insecureAPI.UncheckedReturn
                                  Warn on uses of functions whose return values must be always checked
  security.insecureAPI.getpw      Warn on uses of the 'getpw' function
  security.insecureAPI.gets       Warn on uses of the 'gets' function
  security.insecureAPI.mkstemp    Warn when 'mkstemp' is passed fewer than 6 X's in the format string
  security.insecureAPI.mktemp     Warn on uses of the 'mktemp' function
  security.insecureAPI.rand       Warn on uses of the 'rand', 'random', and related functions
  security.insecureAPI.strcpy     Warn on uses of the 'strcpy' and 'strcat' functions
  security.insecureAPI.vfork      Warn on uses of the 'vfork' function
  unix.API                        Check calls to various UNIX/Posix functions
  unix.Malloc                     Check for memory leaks, double free, and use-after-free problems. Traces memory managed by malloc()/free().
  unix.MallocSizeof               Check for dubious malloc arguments involving sizeof
  unix.MismatchedDeallocator      Check for mismatched deallocators.
  unix.StdCLibraryFunctions       Improve modeling of the C standard library functions
  unix.Vfork                      Check for proper usage of vfork
  unix.cstring.BadSizeArg         Check the size argument passed into C string functions for common erroneous patterns
  unix.cstring.NullArg            Check for null pointers being passed as arguments to C string functions
  valist.CopyToSelf               Check for va_lists which are copied onto itself.
  valist.Uninitialized            Check for usages of uninitialized (or already released) va_lists.
  valist.Unterminated             Check for va_lists which are not released by a va_end call.