Scope-based resource management for the kernel

The kernel disables GCC's uninitialized variable warning because it had too many false positives. We use Clang and Smatch (my static checker) to find uninitialized variables but that doesn't really help with missing error code bugs. Normally the buggy code looks like:

ret = frob();
if (ret)
goto free_thing;

if (val > limit)
goto free_thing;

In Smatch, I consider that ret is set intentionally to zero if the "ret = " assignment is within 5 lines of the goto. But this is kind of a new rule and some people think you should be able to tell it's intentional from the context.

int ret = 0;

/* twenty lines of code */

if (on == ON)
goto done;