A mention on performing static analysis on kernel code
Broadly, there are two kinds of analysis tools – static and dynamic. Dynamic analysis tools are those that operate at runtime while the code executes. We've covered (most) of them in previous chapters – they include kernel memory checkers (KASAN, SLUB debug, kmemleak, and KFENCE), undefined behavior checkers (UBSAN), and locking-related dynamic analysis tools (lockdep and KCSAN).
Static analysis tools are those that operate upon the source code itself, without running it. Static analyzers (for C) uncover common bugs such as Uninitialized Memory Reads (UMRs), Use-After-Return (UAR, also known as use-after-scope), bad array accesses, and plain code smells.
For the Linux kernel, static analysis tools include Coccinelle, checkpatch.pl, sparse, and smatch. There are other, more general but still useful static analyzers as well; among them are cppcheck, flawfinder, and even the compilers (GCC and clang; FYI, GCC 10 onward has...
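To make the three bug classes named above concrete, here is an added illustration (not code from the book or from any of the tools it names): each bug is shown in its buggy form beside a corrected form, in a small user-space C file you can feed to cppcheck, smatch, or `gcc -fanalyzer` and watch the buggy functions get flagged. The table contents and the string are constructed sample data, and the function names are this example's own.

```c
/* Added example: three bug classes that static analyzers report (UMR,
 * UAR/use-after-scope, bad array access), each beside a corrected form.
 * Try, for instance:
 *   gcc -Wall -Wextra -O2 -fanalyzer -c static_bugs.c   (GCC 10 onward)
 *   cppcheck --enable=all static_bugs.c
 * The table and the string below are constructed sample data. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TABLE_LEN 4
static const int table[TABLE_LEN] = { 10, 20, 30, 40 };   /* constructed */

/* 1. Uninitialized Memory Read (UMR): on the flag == 0 path, 'ret' is
 *    returned without ever having been assigned. */
int umr_buggy(int flag)
{
    int ret;
    if (flag)
        ret = 1;
    return ret;            /* analyzer: use of uninitialized value 'ret' */
}

int umr_fixed(int flag)
{
    int ret = 0;           /* every path now yields a defined value */
    if (flag)
        ret = 1;
    return ret;
}

/* 2. Use-After-Return (UAR, a.k.a. use-after-scope): the callee hands back
 *    the address of its own stack buffer, which is dead once it returns. */
void uar_buggy(char **out)
{
    char buf[16];
    strcpy(buf, "kernel");
    *out = buf;            /* analyzer: address of local 'buf' escapes */
}

/* Fixed: the caller owns the storage; the callee copies into it with a
 * bound and always NUL-terminates. Returns the number of bytes copied. */
size_t uar_fixed(char *dst, size_t dst_len)
{
    const char *src = "kernel";
    size_t n = strlen(src);
    if (dst_len == 0)
        return 0;
    if (n >= dst_len)
        n = dst_len - 1;   /* truncate rather than overflow */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

/* 3. Bad array access: 'idx' comes straight from the caller and indexes
 *    the table without any bounds check. */
int lookup_buggy(int idx)
{
    return table[idx];     /* analyzer: possible out-of-bounds read */
}

/* Fixed: reject anything outside [0, TABLE_LEN) and report it through the
 * return value, in the kernel's "0 on success, negative on error" style. */
int lookup_fixed(int idx, int *val)
{
    if (idx < 0 || idx >= TABLE_LEN)
        return -1;
    *val = table[idx];
    return 0;
}

int main(void)
{
    char name[4];
    int v = 0;

    printf("umr_fixed(0)=%d umr_fixed(1)=%d\n", umr_fixed(0), umr_fixed(1));
    printf("uar_fixed copied %zu bytes: \"%s\"\n",
           uar_fixed(name, sizeof name), name);
    printf("lookup_fixed(2) -> %d, val=%d\n", lookup_fixed(2, &v), v);
    printf("lookup_fixed(9) -> %d\n", lookup_fixed(9, &v));
    return 0;
}
```

The buggy variants compile cleanly with a plain `gcc -c`, which is precisely the point: nothing at build time stops them, and the UMR and out-of-bounds paths only misbehave at runtime for particular inputs. A static analyzer reasons over all paths at once, so it reports all three without the code ever having to execute.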