Code flow/Call Graphs
Understand from scitools is pretty good and you can try out all features using their trial license.
Want to generate a flow chart diagram from code? Try visustin v8.
Code flows can be tricky when a project has a complex build process like a bunch of macro definitions. If you can obtain a compiled binary then your best option might be to put it through a disassembler like Radare2, IDA pro, Binary ninja, or Hopper.
Code browser
Opengrok
I was surprised how useful Opengrok ended up being. Can take a while to start when initially indexing files.
The tool starts a webserver which allows you to easily search and jump around your code.
You can install using this docker image.
Eclipse Photon c/c++
I’ve been using Eclipse for reading the Linux kernel and really like it. Out of the box you get indexing for code jumping. If a function jump has multiple possible options, like architecture dependent code, a dialog windows pops up for you to select.
Searching is also really useful.
Tip: Large projects will require more memory allocation for Eclipse. Refer to Eclipse settings on how to do this.
Eclox (Eclipse plugin)
Combines Doxygen, Graphviz, and Mscgen.
Very quick and easy to get started.
Can generate call graphs, among other things.
Static analysis
Clang static analyzer. Debian package available for install. Can be integrated into build process. Output is html format and defaults to /tmp
Fuzzing
afl (american fuzzy lop). Debian package available for quick install
First you instrument during compile phase using
$ afl-gcc ./bug.c -o ./bug
$ sudo apt-get install g++-multilib libc6-dev-i386
$ afl-gcc ./bug.c -m32 -o ./bug
You need to make sure you specify inputs during the fuzzing stage. Source code has testcases folder.
Then you start fuzzing
$ afl-fuzz -o /tmp -i ./inputs ./bug
References
Eclox plugin was discovered after finding this blog – https://mcuoneclipse.com/2012/06/25/5-best-eclipse-plugins-1-eclox-with-doxygen-graphviz-and-mscgen/
youremindmeofmymother 