...
Compass/ROSE can detect violations of this recommendation. In particular, it examines the size argument of malloc(), calloc(), or realloc() and flags the call when it does not find a sizeof operator in the argument expression. It does not flag the call if the return value is assigned to a char *; in this case a string is being allocated, and sizeof is unnecessary because sizeof(char) == 1.
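The three cases this check distinguishes, shown as an added example that is not taken from the original page or from Compass/ROSE. The function names and the choice of long as the element type are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Flagged: the size argument has no sizeof and the result is not a char *.
 * The literal 4 assumes a 4-byte long, so on platforms where long is
 * 8 bytes the buffer holds only half the requested elements. */
long *alloc_longs_flagged(size_t n)
{
    long *p = malloc(n * 4);
    return p;
}

/* Not flagged: sizeof appears in the size argument. The division guards
 * the multiplication against wrapping before malloc() sees it. */
long *alloc_longs_checked(size_t n)
{
    long *p;
    if (n == 0 || n > SIZE_MAX / sizeof *p)
        return NULL;
    p = malloc(n * sizeof *p);
    return p;
}

/* Not flagged: the result is assigned to a char *, and sizeof(char) == 1,
 * so strlen(s) + 1 is already the byte count. */
char *dup_string(const char *s)
{
    size_t len = strlen(s) + 1;
    char *copy = malloc(len);
    if (copy != NULL)
        memcpy(copy, s, len);
    return copy;
}

int main(void)
{
    long *v = alloc_longs_checked(8);
    char *s = dup_string("constructed sample");
    int ok = (v != NULL && s != NULL);
    free(v);
    free(s);
    return ok ? 0 : 1;
}
```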
...