This page gives some hints about which tools can be used to gather useful information during a code review, such as debuggers and static and dynamic code analysis tools.
With the help of cscope, reviewers can comfortably search for symbols in the source code of programs. It allows searching for definitions/declarations and calls of certain functions, macro definitions, etc. Most Linux and BSD distributions ship cscope.
Ctags builds a cross-reference file (similar to cscope) from a source code tree called a “tag-file”. With a tag-file-aware editor (such as vim), reviewers can follow function calls while auditing and step down into functions just as one would do at runtime with gdb. Despite its name, ctags supports plenty of languages, not just C.
exec-notify globally shows which programs are executed on a system. This helps track down shell escaping problems in larger applications which execute external programs every now and then, or in bootup scripts.
FindBugs looks for bugs in Java programs. It is based on the concept of bug patterns. A bug pattern is a code idiom that is often an error.
The GNU Debugger - “gdb” - is a general purpose debugger which also helps in source code reviews if you want to estimate whether a certain vulnerability is really exploitable. This is not always the case, since the generated binary code may make exploitation impossible, for example due to stack alignment or optimizations.
insight is a Tcl/Tk based graphical frontend to gdb with many features and an intuitive interface. What sets insight apart from other gdb GUIs is its active and continuous development, and its integration with sourcenav (see below).
A static analysis tool to find race conditions, locking errors, null pointer uses, and a number of other problems in Java programs.
kscope uses the index file generated by cscope and gives developers a graphical frontend to generate call-graphs, search and edit functions, etc. It is a very convenient tool to browse large software projects such as the Linux kernel.
List open files - “lsof” - is a tool to gather information about processes' open file descriptors (not only files themselves). This information includes the name and PID of the process, the type of file and so on. Many Linux and BSD distributions ship lsof.
ltrace traces the execution of library calls in programs and processes. By carefully observing the order and arguments of certain calls such as open(3) or chown(3), one can spot simple kinds of race conditions (for example, a path being checked and then acted upon in two separate calls).
PMD scans Java source code for potential problems.
sourcenav, or the Source-Navigator, is a source code analysis tool. It aids the process of code visualization during code reviews by displaying the relationships between functions and generating call trees. Also, it helps in analyzing the propagation of a change in the code to other source modules.
strace, similar to ltrace, traces the execution of system calls in programs and processes. This helps to determine whether arguments are passed correctly at runtime, for example to chroot(2) or execve(2). Most Linux distributions ship strace and install it by default. BSD systems have a similar tool called “truss”.
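As an added example (not part of the original page), the following Python script applies the ltrace/strace idea above to strace-style output: it flags a path check such as access() or stat() that is followed shortly by an operation on the same path, the classic time-of-check/time-of-use race pattern. The trace lines are constructed for illustration, not a real capture.

```python
import re

# Constructed strace-style sample (not a real capture). A check on a path
# followed by a privileged operation on the same path is the
# time-of-check/time-of-use (TOCTOU) pattern a reviewer looks for.
SAMPLE_TRACE = """\
access("/tmp/report.txt", W_OK)        = 0
open("/tmp/report.txt", O_WRONLY|O_CREAT, 0644) = 3
write(3, "data\\n", 5)                  = 5
close(3)                               = 0
stat("/var/run/app.pid", {st_mode=S_IFREG|0644, st_size=5, ...}) = 0
chown("/var/run/app.pid", 1000, 1000)  = 0
openat(AT_FDCWD, "/etc/hosts", O_RDONLY) = 4
"""

# Calls that only inspect a path ("checks") and calls that act on it ("uses").
CHECK_CALLS = {"access", "stat", "lstat", "faccessat", "readlink"}
USE_CALLS = {"open", "openat", "chown", "chmod", "unlink", "rename", "truncate"}

# One syscall per line: name(args) = return value.
LINE_RE = re.compile(r'^(?P<call>\w+)\((?P<args>.*)\)\s*=\s*(?P<ret>\S+)')
# The first quoted argument is the path for every call listed above
# (openat's dirfd constant is unquoted, so the path is still picked up).
PATH_RE = re.compile(r'"([^"]*)"')

def parse_trace(text):
    """Return (call, path, ret) for each syscall line with a quoted path."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        p = PATH_RE.search(m.group("args"))
        if p:
            events.append((m.group("call"), p.group(1), m.group("ret")))
    return events

def find_toctou(events, window=5):
    """Report a check followed within `window` events by a use of the same path."""
    findings = []
    for i, (call, path, _) in enumerate(events):
        if call not in CHECK_CALLS:
            continue
        for later_call, later_path, _ in events[i + 1:i + 1 + window]:
            if later_call in USE_CALLS and later_path == path:
                findings.append((call, later_call, path))
                break
    return findings

if __name__ == "__main__":
    for check, use, path in find_toctou(parse_trace(SAMPLE_TRACE)):
        print(f"possible TOCTOU: {check}() then {use}() on {path}")
```

On a real trace, feed the output of `strace -f -e trace=file` into parse_trace and review each finding by hand, since a check/use pair is only a race if an attacker can alter the path between the two calls.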
The Debian Security Audit Project maintains a list of Security Auditing Tools, mostly for automated static source code analysis, along with Automated Audit Examples.