...
Compass/ROSE can detect violations of this rule. In particular, Rose ensures that any pointer returned by malloc(), calloc(), or realloc() is first checked for NULL before being used (otherwise it is free()-d). Rose does not handle cases where an allocation is assigned to an lvalue that is not a variable (such as a struct member or C++ function call returning a reference.)
The Coverity Prevent Version 5.0 CHECKED_RETURN, NULL_RETURNS, and REVERSE_INULL checkers can all find violations of this rule. The CHECKED_RETURN finds instances where a pointer is checked against NULL and then later dereferenced. The NULL_RETURNS checker identifies functions that can return a null pointer but are not checked. The REVERSE_INULL identifies code that dereferences a pointer and then checks the pointer against NULL. Coverity Prevent cannot discover all violations of this rule, so further verification is necessary.
...