...
Fortify SCA Version 5.0 with CERT C Rule Pack can detect violations of this recommendation.
Compass/ROSE could detect possible violations by reporting any function that has malloc() or free() but not both. This would catch some false positives, as there would be no way to tell if malloc() and free() are 'at the same level of abstraction' if they are in different functions.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...