Code flow/Call Graphs
Understand from scitools is pretty good and you can try out all features using their trial license.
Code flows can be tricky when a project has a complex build process, such as heavy use of macro definitions. If you can obtain a compiled binary, then your best option might be to put it through a disassembler like IDA Pro, Binary Ninja, or Hopper.
I was surprised how useful OpenGrok ended up being. It can take a while to start when initially indexing files.
The tool starts a webserver which allows you to easily search and jump around your code.
You can install using this docker image.
Eclipse Photon c/c++
I’ve been using Eclipse for reading the Linux kernel and really like it. Out of the box you get indexing for code jumping. If a function jump has multiple possible targets, like architecture-dependent code, a dialog window pops up for you to select one.
Searching is also really useful.
Tip: Large projects will require more memory allocation for Eclipse. Refer to Eclipse settings on how to do this.
Clang static analyzer. A Debian package is available for install. It can be integrated into the build process. Output is in HTML format and defaults to /tmp.
AFL (american fuzzy lop). A Debian package is available for quick install.
First you instrument the target during the compile phase using
$ afl-gcc ./bug.c -o ./bug
For a 32-bit build, install the multilib packages first and add -m32:
$ sudo apt-get install g++-multilib libc6-dev-i386
$ afl-gcc ./bug.c -m32 -o ./bug
You need to make sure you specify seed inputs for the fuzzing stage. The AFL source code has a testcases folder you can draw from.
Then you start fuzzing
$ afl-fuzz -o /tmp -i ./inputs ./bug
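To make the two-step procedure above concrete, here is an added example of what a fuzz target like bug.c typically looks like; it is not the post's own bug.c. It reads the whole test case from stdin (which is how afl-fuzz feeds input when no @@ placeholder appears in the command line) or from a file named on the command line, then hands the bytes to a small parser of a constructed length-prefixed record format. The bounds checks in parse_records are exactly the kind of check whose absence a fuzzer surfaces as crashes under the -o output directory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>

#define MAX_INPUT 4096   /* hard cap so a huge test case cannot overrun the buffer */

/* Parse a constructed record format: [1 byte len][len bytes payload], repeated.
   Returns the number of records parsed, or -1 on malformed input. This is the
   code under test; afl-fuzz exercises it with mutated inputs. */
int parse_records(const uint8_t *buf, size_t n) {
    size_t pos = 0;
    int count = 0;
    while (pos < n) {
        size_t len = buf[pos++];
        if (len == 0)       return -1;   /* zero-length record is malformed */
        if (pos + len > n)  return -1;   /* truncated record: never read past n */
        uint8_t x = 0;                   /* consume the payload (toy checksum) */
        for (size_t i = 0; i < len; i++) x ^= buf[pos + i];
        (void)x;
        pos += len;
        count++;
    }
    return count;
}

/* Read at most cap bytes from f into buf; returns bytes read. */
static size_t read_input(FILE *f, uint8_t *buf, size_t cap) {
    size_t total = 0;
    while (total < cap) {
        size_t r = fread(buf + total, 1, cap - total, f);
        if (r == 0) break;
        total += r;
    }
    return total;
}

/* Harness entry point: input comes from argv[1] if given, else from stdin,
   matching the page's "afl-fuzz -o /tmp -i ./inputs ./bug" invocation. */
int main(int argc, char **argv) {
    static uint8_t buf[MAX_INPUT];
    FILE *f = stdin;
    if (argc > 1) {
        f = fopen(argv[1], "rb");
        if (!f) { perror("fopen"); return 1; }
    }
    size_t n = read_input(f, buf, sizeof buf);
    if (f != stdin) fclose(f);

    int rc = parse_records(buf, n);
    if (rc < 0) {
        fputs("malformed input\n", stderr);
        return 2;                        /* a clean error, not a crash: AFL ignores this */
    }
    printf("parsed %d record(s)\n", rc);
    return 0;
}
```

Seed the ./inputs directory with a few small valid files (for instance the four bytes 0x03 'a' 'b' 'c' make one record) before running afl-fuzz; AFL only reports inputs that crash or hang the target, so returning a non-zero exit code on malformed data is deliberate and keeps the crashes directory limited to real memory-safety findings.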