...
Compass/ROSE could detect violations of this recommendation by flagging any comparison expression involving addition that could potentially overflow. For example, instead of comparing 'a + b < c', where b and c are compile-time constants and b > c, the code should compare 'a < c - b'. (This assumes a, b, and c are unsigned ints. Usually b is small and c is an upper bound such as INT_MAX.)
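The two comparison forms side by side, as an added example that is not part of the original page. `HDR_LEN` and `MAX_TOTAL` are constructed stand-ins for b and c in the usual case the text mentions (small b, c an upper bound). The static assertion that b <= c is an assumption of this example, made so that `c - b` itself cannot wrap.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed constants (assumptions of this example, not from the page). */
#define HDR_LEN   16u    /* b: small compile-time constant */
#define MAX_TOTAL 4096u  /* c: compile-time upper bound    */

/* The rewritten comparison is only valid if c - b does not wrap. */
_Static_assert(HDR_LEN <= MAX_TOTAL, "c - b must not wrap");

/* Form a checker would flag: a + b is computed modulo UINT_MAX + 1,
 * so a very large a wraps the sum to a small value and the test passes. */
bool fits_flagged(unsigned int a)
{
    return a + HDR_LEN < MAX_TOTAL;
}

/* Rewritten form: c - b is folded at compile time and a is compared
 * directly, so no runtime addition can wrap. */
bool fits_rewritten(unsigned int a)
{
    return a < MAX_TOTAL - HDR_LEN;
}

/* Number of inputs on which the two forms give different answers. */
size_t count_disagreements(const unsigned int *vals, size_t n)
{
    size_t diff = 0;
    for (size_t i = 0; i < n; i++)
        if (fits_flagged(vals[i]) != fits_rewritten(vals[i]))
            diff++;
    return diff;
}

int main(void)
{
    /* Constructed sample values around the bound and around UINT_MAX. */
    const unsigned int samples[] = { 0u, 4079u, 4080u, UINT_MAX - 15u, UINT_MAX };
    const size_t n = sizeof samples / sizeof samples[0];

    for (size_t i = 0; i < n; i++)
        printf("a=%u flagged=%d rewritten=%d\n", samples[i],
               fits_flagged(samples[i]), fits_rewritten(samples[i]));
    printf("disagreements: %zu\n", count_disagreements(samples, n));
    return 0;
}
```

The two forms agree for every `a` whose sum with b does not wrap and differ only for the largest values of `a`, where the flagged form accepts an input that exceeds the bound.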
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...