> The implementation of this semantic patch is: Thanks for your extension of such a commit message. I would interpret the provided SmPL code in the way that it will not generate adjusted (patched) C code so far. Source code search results will be presented by the operation mode “report” or “org”. How do you think about to exchange the word “patch” by “code search” at affected places (and in the subject) then? > In a function, for variables returned by calling of_find_device_by_node(), Do variables really get returned? The provided pointer should usually be stored somewhere. > c, for the rest of the situation, the current function should release the > reference by calling put_device, this patch will report the > corresponding error message. * Do you expect that the desired object release should be performed only in the same function implementation? * Would you like to pick any software development challenges up around inter-procedural data flow (or even escape) analysis for the shown use case? > Further, for the case of b, the object returned to other functions may also > have a reference leak, we will continue to develop other cocci scripts to > further check the reference leak. I am curious on how these approaches will evolve further. > +// Copyright: (C) 2018-2019 Wen Yang, ZTE. GPLv2. Would you like to add a SPDX identifier? > +coccilib.report.print_report(p2[0], Thanks for a nicer indentation here. > + "ERROR: missing put_device;" Will change confidence considerations result in another fine-tuning for this message? > + + " call of_find_device_by_node on line " I find that such a split string literal can be unwanted. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/coding-style.rst?id=1f947a7a011fcceb14cb912f5481a53b18f1879a#n94 > + + " and return without releasing.") Possible rewording? + + " but without a corresponding object release within this function.") Regards, Markus