Index: www/analyzer/available_checks.html
===================================================================
--- www/analyzer/available_checks.html
+++ www/analyzer/available_checks.html
@@ -38,11 +38,13 @@
 <li><a href="#core_checkers">Core Checkers</a> model core language features and perform general-purpose checks such as division by zero, null pointer dereference, usage of uninitialized values, etc.</li>
 <li><a href="#cplusplus_checkers">C++ Checkers</a> perform C++-specific checks</li>
 <li><a href="#deadcode_checkers">Dead Code Checkers</a> check for unused code</li>
+<li><a href="#llvm_checkers">LLVM Checkers</a> for LLVM developers</li>
 <li><a href="#nullability_checkers">Nullability Checkers</a> </li>
 <li><a href="#optin_checkers">Optin Checkers</a> </li>
 <li><a href="#osx_checkers">OS X Checkers</a> perform Objective-C-specific checks and check the use of Apple's SDKs (OS X and iOS)</li>
 <li><a href="#security_checkers">Security Checkers</a> check for insecure API usage and perform checks based on the CERT Secure Coding Standards</li>
 <li><a href="#unix_checkers">Unix Checkers</a> check the use of Unix and POSIX APIs</li>
+<li><a href="#valist_checkers">Variable Argument Checkers</a></li>
 </ul>
 
 <!-- =========================== core =========================== -->
@@ -369,6 +371,25 @@
 <thead><tr><td>Name, Description</td><td>Example</td></tr></thead>
 
 <tbody>
+
+
+<tr><td><div class="namedescr expandable"><span class="name">
+cplusplus.InnerPointer</span><span class="lang">
+(C++)</span><div class="descr">
+Check for inner pointers of C++ containers used after re/deallocation.
+</div></div></td>
+<td><div class="exampleContainer expandable">
+<div class="example"><pre>
+void log(const char *str);
+
+void test(int value) {
+  const char *msg = std::to_string(value).c_str();
+  // msg points to the buffer of a temporary that is now destroyed
+  log(msg);  // warn: inner pointer of container used after re/deallocation
+}
+</pre></div></div></td></tr>
+
+
 <tr><td><div class="namedescr expandable"><span class="name">
 cplusplus.NewDelete</span><span class="lang">
 (C++)</span><div class="descr">
@@ -435,6 +456,7 @@
 } // warn
 </pre></div></div></td></tr>
 
+
 </tbody></table>
 
 <!-- =========================== dead code =========================== -->
@@ -458,6 +480,25 @@
 
 </tbody></table>
 
+<!-- =========================== llvm =========================== -->
+<h3 id="llvm_checkers">LLVM Checkers</h3>
+<table class="checkers">
+<colgroup><col class="namedescr"><col class="example"></colgroup>
+<thead><tr><td>Name, Description</td><td>Example</td></tr></thead>
+
+<tbody>
+<tr><td><div class="namedescr expandable"><span class="name">
+llvm.Conventions</span><span class="lang">
+(C)</span><div class="descr">
+Check code for LLVM codebase conventions.</div></div></td>
+<td><div class="exampleContainer expandable">
+<div class="example"><pre>
+<!-- TODO: Add examples. And also test files for this checker. -->
+</pre></div></div></td></tr>
+
+</tbody></table>
+
+
 <!-- =========================== nullability =========================== -->
 <h3 id="nullability_checkers">Nullability Checkers</h3>
 <table class="checkers">
@@ -535,6 +576,21 @@
 }
 </pre></div></div></td></tr>
 
+
+<tr><td><div class="namedescr expandable"><span class="name">
+nullability.NullableReturnedFromNonnull</span><span class="lang">
+(ObjC)</span><div class="descr">
+Warns when a nullable pointer is returned from a function that has _Nonnull return type.</div></div></td>
+<td><div class="exampleContainer expandable">
+<div class="example"><pre>
+typedef struct Dummy { int val; } Dummy;
+
+Dummy *_Nonnull test(Dummy *_Nullable a) {
+  Dummy *p = a;
+  return p; // warn
+}
+</pre></div></div></td></tr>
+
 </tbody></table>
 
 <!-- =========================== optin =========================== -->
@@ -610,6 +666,62 @@
 [alarmStateLabel setText:alarmText];
 </pre></div></div></td></tr>
 
+
+<tr><td><div class="namedescr expandable"><span class="name">
+optin.performance.GCDAntipattern</span><span class="lang">
+(ObjC)</span><div class="descr">
+Check for performance anti-patterns when using Grand Central Dispatch.
+</div></div></td>
+<td><div class="exampleContainer expandable">
+<div class="example"><pre>
+void use_semaphor_antipattern() {
+  dispatch_semaphore_t sema = dispatch_semaphore_create(0);
+
+  func(^{
+      dispatch_semaphore_signal(sema);
+  });
+  dispatch_semaphore_wait(sema, 100); // warn: waiting on a callback using a
+                                      //       semaphore
+}
+</pre></div></div></td></tr>
+
+
+<tr><td><div class="namedescr expandable"><span class="name">
+optin.performance.Padding</span><span class="lang">
+(C)</span><div class="descr">
+Check for excessively padded structs.
+</div></div></td>
+<td><div class="exampleContainer expandable">
+<div class="example"><pre>
+class PaddedA { // warn: excessive padding
+  char c1;
+  int i;
+  char c2;
+};
+</pre></div></div></td></tr>
+
+
+<tr><td><div class="namedescr expandable"><span class="name">
+optin.portability.UnixAPI</span><span class="lang">
+(C)</span><div class="descr">
+Finds implementation-defined behavior in UNIX/Posix functions.
+<div class=functions>
+calloc<br>
+malloc<br>
+realloc<br>
+reallocf<br>
+alloca, __builtin_alloca<br>
+__builtin_alloca_with_align<br>
+valloc</div>
+</div></div></td>
+<td><div class="exampleContainer expandable">
+<div class="example"><pre>
+void *f(int n) {
+  return malloc(n * 0 * sizeof(int)); // warn: Call to 'malloc' has an
+                                      //       allocation size of 0 bytes
+}
+</pre></div></div></td></tr>
+
 </tbody></table>
 
 <!-- =========================== OS X =========================== -->
@@ -649,6 +761,16 @@
 </pre></div></div></td></tr>
 
 
+<tr><td><div class="namedescr expandable"><span class="name">
+osx.ObjCProperty</span><span class="lang">
+(ObjC)</span><div class="descr">
+Check for proper uses of Objective-C properties</div></div></td>
+<td><div class="exampleContainer expandable">
+<div class="example"><pre>
+<!-- TODO: Add an example. -->
+</pre></div></div></td></tr>
+
+
 <tr><td><div class="namedescr expandable"><span class="name">
 osx.SecKeychainAPI</span><span class="lang">
 (C)</span><div class="descr">
@@ -732,7 +854,8 @@
 <tr><td><div class="namedescr expandable"><span class="name">
 osx.cocoa.AtSync</span><span class="lang">
 (ObjC)</span><div class="descr">
-Check for nil pointers used as mutexes for <code>@synchronized</code>.</div></div></td>
+Check for nil pointers used as mutexes for <code>@synchronized</code>.
+</div></div></td>
 <td><div class="exampleContainer expandable">
 <div class="example"><pre>
 void test(id x) {
@@ -748,6 +871,17 @@
 </pre></div></div></td></tr>
 
 
+<tr><td><div class="namedescr expandable"><span class="name">
+osx.cocoa.AutoreleaseWrite</span><span class="lang">
+(ObjC)</span><div class="descr">
+Warn about potentially crashing writes to autoreleasing objects from different
+autoreleasing pools in Objective-C.</div></div></td>
+<td><div class="exampleContainer expandable">
+<div class="example"><pre>
+<!-- TODO: Add an example. -->
+</pre></div></div></td></tr>
+
+
 <tr><td><div class="namedescr expandable"><span class="name">
 osx.cocoa.ClassRelease</span><span class="lang">
 (ObjC)</span><div class="descr">
@@ -931,6 +1065,17 @@
 </pre></div></div></td></tr>
 
 
+<tr><td><div class="namedescr expandable"><span class="name">
+osx.cocoa.NonNilReturnValue</span><span class="lang">
+(ObjC)</span><div class="descr">
+Model the APIs that are guaranteed to return a non-nil value.</div></div></td>
+<td><div class="exampleContainer expandable">
+<div class="example"><pre>
+<!-- TODO: Add examples. -->
+</pre></div></div></td></tr>
+
+
+
 <tr><td><div class="namedescr expandable"><span class="name">
 osx.cocoa.ObjCGenerics</span><span class="lang">
 (ObjC)</span><div class="descr">
@@ -964,6 +1109,17 @@
 </pre></div></div></td></tr>
 
 
+<tr><td><div class="namedescr expandable"><span class="name">
+osx.cocoa.RunLoopAutoreleaseLeak</span><span class="lang">
+(ObjC)</span><div class="descr">
+Check for leaked memory in autorelease pools that will never be drained.
+</div></div></td>
+<td><div class="exampleContainer expandable">
+<div class="example"><pre>
+<!-- TODO: Add examples. -->
+</pre></div></div></td></tr>
+
+
 <tr><td><div class="namedescr expandable"><span class="name">
 osx.cocoa.SelfInit</span><span class="lang">
 (ObjC)</span><div class="descr">
@@ -1571,6 +1727,74 @@
 
 </tbody></table>
 
+
+<!-- =============================== va_list =============================== -->
+<h3 id="valist_checkers">Variable Argument Checkers</h3>
+<table class="checkers">
+<colgroup><col class="namedescr"><col class="example"></colgroup>
+<thead><tr><td>Name, Description</td><td>Example</td></tr></thead>
+
+<tbody>
+<tr><td><div class="namedescr expandable"><span class="name">
+valist.CopyToSelf</span><span class="lang">
+(C)</span><div class="descr">
+Calls to the <code>va_copy</code> macro should not copy onto itself.</div></div></td>
+<td><div class="exampleContainer expandable">
+<div class="example"><pre>
+#include &lt;stdarg.h&gt;
+
+void test(int x, ...) {
+  va_list args;
+  va_start(args, x);
+  va_copy(args, args); // warn
+  va_end(args);
+}
+</pre></div></div></td></tr>
+
+<tr><td><div class="namedescr expandable"><span class="name">
+valist.Uninitialized</span><span class="lang">
+(C)</span><div class="descr">
+Calls to the <code>va_arg</code>, <code>va_copy</code>, or
+<code>va_end</code> macro must happen after calling <code>va_start</code> and
+before calling <code>va_end</code>.</div></div></td>
+<td><div class="exampleContainer expandable">
+<div class="example"><pre>
+#include &lt;stdarg.h&gt;
+
+void test(int x, ...) {
+  va_list args;
+  int y = va_arg(args, int); // warn
+}
+</pre></div>
+<div class="example"><pre>
+#include &lt;stdarg.h&gt;
+
+void test(int x, ...) {
+  va_list args;
+  va_start(args, x);
+  va_end(args);
+  int z = va_arg(args, int); // warn
+}
+</pre></div></div></td></tr>
+
+<tr><td><div class="namedescr expandable"><span class="name">
+valist.Unterminated</span><span class="lang">
+(C)</span><div class="descr">
+Every <code>va_start</code> must be matched by a <code>va_end</code>. A va_list
+can only be ended once.</div></div></td>
+<td><div class="exampleContainer expandable">
+<div class="example"><pre>
+#include &lt;stdarg.h&gt;
+
+void test(int x, ...) {
+  va_list args;
+  va_start(args, x);
+  int y = x + va_arg(args, int);
+} // warn: missing va_end
+</pre></div></div></td></tr>
+
+</tbody></table>
+
 </div> <!-- page -->
 </div> <!-- content -->
 </body>

Name, Description	Example
+llvm.Conventions +(C) +Check code for LLVM codebase conventions.	+ + +
Name, Description	Example
+valist.CopyToSelf +(C) +Calls to the `va_copy` macro should not copy onto itself.	+ +#include <stdarg.h> + +void test(int x, ...) { + va_list args; + va_start(args, x); + va_copy(args, args); // warn + va_end(args); +} +
+valist.Uninitialized +(C) +Calls to the `va_arg`, `va_copy`, or +`va_end` macro must happen after calling `va_start` and +before calling `va_end`.	+ +#include <stdarg.h> + +void test(int x, ...) { + va_list args; + int y = va_arg(args, int); // warn +} + + +#include <stdarg.h> + +void test(int x, ...) { + va_list args; + va_start(args, x); + va_end(args); + int z = va_arg(args, int); // warn +} +
+valist.Unterminated +(C) +Every `va_start` must be matched by a `va_end`. A va_list +can only be ended once.	+ +#include <stdarg.h> + +void test(int x, ...) { + va_list args; + va_start(args, x); + int y = x + va_arg(args, int); +} // warn: missing va_end +