12 个仓库
Utilities that parse, index, and navigate source code structures to facilitate development and refactoring.
Distinguishing note: Focuses on structural indexing of codebases for navigation, distinct from general-purpose static analysis or linting.
Explore 12 awesome GitHub repositories matching software engineering & architecture · Code Analysis Tools. Refine with filters or upvote what's useful.
This project is a community-driven directory and knowledge base for the PHP ecosystem. It serves as a comprehensive index of high-quality libraries, frameworks, tools, and educational materials, designed to help developers navigate the landscape and select appropriate solutions for their software projects. The directory distinguishes itself through a hierarchical taxonomy that organizes vast amounts of technical information into a logical, human-readable structure. By relying on distributed contributions from the developer community, it maintains a current and vetted collection of references
Provides curated resources for code analysis.
Tree-sitter is a parsing system and incremental parsing framework designed to generate high-performance syntax trees from source code. It functions as a language parsing engine that compiles formal grammar definitions into portable code, which can then be integrated into text editors and development tools to facilitate structural analysis, code navigation, and syntax highlighting. The project distinguishes itself through its ability to maintain valid, usable syntax tree structures even when source code contains syntax errors or incomplete fragments. It utilizes a generalized parsing algorithm
Maintains functional syntax trees and structural insights even when source code contains syntax errors.
Lit is a library for building lightweight, interoperable web components. It provides a base class that leverages native browser APIs to encapsulate state, logic, and styles, allowing developers to create custom elements that function consistently across any modern web project. The framework distinguishes itself through a reactive property system that automatically triggers efficient, batched DOM updates. By utilizing tagged template literals, it defines declarative UI structures that are compiled into optimized update instructions. Its architecture emphasizes modularity through a reactive con
Provides tools to examine source files, extract metadata, and validate component structures during development or build time.
Oxc is a high-performance toolchain designed for the analysis, linting, formatting, and transformation of JavaScript and TypeScript codebases. It functions as a comprehensive static analysis engine and compiler-based utility, providing the infrastructure necessary to parse source code into high-performance abstract syntax trees and map complex module dependency graphs across entire projects. The project distinguishes itself through its use of multi-core parallel processing to maximize throughput during intensive tasks like linting and minification. It offers deep, type-aware static analysis t
Validates code using type information to detect complex issues requiring full type system awareness.
Cheat Engine is a software reverse engineering suite and memory editor designed for the Windows environment. It functions as a comprehensive platform for inspecting, analyzing, and modifying the internal logic and data structures of running applications. The tool provides capabilities for real-time memory scanning and manipulation, allowing users to locate and alter specific values within a process's address space. It distinguishes itself through advanced debugging features, including hardware-assisted debugging, kernel-mode driver injection for bypassing memory protections, and dynamic binar
Dissects data structures and methods within managed applications to facilitate targeted software modifications.
This project is a high-performance static type checker and comprehensive development toolkit for Python. It functions as a core analysis engine that identifies type inconsistencies and enforces code correctness, while simultaneously providing a language server implementation to deliver real-time diagnostics and intelligence directly within development environments. The tool distinguishes itself through a parallelized execution engine that maximizes performance across large-scale codebases and monorepo structures. It supports gradual type adoption, allowing developers to integrate type checkin
Identifies and ignores logically impossible code paths to prevent false positive errors during analysis.
Infer is a static analysis toolset for Java, C, C++, and Objective-C designed to detect memory leaks, null dereferences, and resource bugs. It functions as a multi-language bug finder that identifies race conditions, deadlocks, and memory safety issues by translating source code into a common intermediate representation for analysis. The project distinguishes itself through an inter-procedural data flow analyzer that tracks movement between sources and sinks to detect tainted flows and generate data flow graphs. It also includes a framework for verifying temporal properties and reachability u
Checks if annotated functions are reachable and validates that field accesses serve as designated sinks.
osv-scanner is a software composition analysis tool and vulnerability scanner that checks project dependencies and container images against the Open Source Vulnerabilities database. It functions as a dependency remediation tool and can be integrated into custom Go applications as a programmable security library. The project distinguishes itself through a remediation workflow that includes an interactive terminal user interface and automated scripting for upgrading vulnerable packages in lockfiles and manifests. It employs call-graph reachability analysis to determine if vulnerable code is act
Analyzes function call paths to determine if vulnerable code is actually reachable, reducing false positives.
ReflectionCommon is a PHP reflection interface library and code analysis abstraction. It serves as a foundation for static analysis by providing a shared specification for representing classes, methods, and properties during programmatic code inspection. The project standardizes the reflection API to decouple analysis tools from specific PHP reflection implementations. This ensures that different analysis implementations can work interchangeably through a consistent layer of interfaces. The library covers the domain of PHP code analysis and static analysis tooling, establishing a common way
Implements a common layer that decouples code analysis tools from specific PHP reflection implementations.
Semantic 是一个基于 Haskell 的库和命令行工具,专为多语言源代码分析而设计。它作为一个静态程序分析框架和多语言抽象语法树解析器,能够根据语法定义将多种编程语言转换为结构化的语法树。 该系统通过一个语义代码比较引擎脱颖而出,该引擎检测代码版本之间的结构和意义变化,而不是依赖文本差异。它进一步通过将表面语言转换为统一的多语言中间表示,实现了跨不同编程语法的分析。 该框架为解析 Rust、Go、Python、Ruby、PHP、TypeScript 和 TSX 等语言提供了广泛的功能。它涵盖了通过代码作用域映射、符号提取和语义图生成的语义分析,以及用于模式分析和程序行为评估的工具。 该工具集还包括用于标准化 Haskell 源代码文件布局的命令行实用程序。
Provides structural indexing and symbol extraction to facilitate codebase navigation and logic understanding.
AFL++ is a coverage-guided fuzzing framework that discovers crashes and hangs in software by mutating inputs while tracking which code paths are exercised. It functions as both a fuzzing engine and a campaign manager, supporting targets with or without source code through compile-time instrumentation, dynamic binary instrumentation, and emulation. The framework includes tools for crash triage and analysis, test case minimization, and campaign deployment across local or distributed environments. The framework distinguishes itself through its breadth of instrumentation backends, allowing users
Statically analyzes which functions a harness can reach, distinguishing actionable coverage gaps from dead code.
Returns all internal functions and modifiers reachable from a given entry point within a contract.