Tag
cargo-geiger is a Rust cargo plugin that lists statistics about unsafe code usage in a crate and its dependencies, providing input for auditing.
The author built a code context graph parser that creates a graph from static analysis and exposes it via MCP for AI agents. In a head-to-head comparison with Gemma 4 26B, agents using the graph explored Apache Kafka's request flow in under 2 minutes, while the baseline agent without the graph hit its rate limits after 6 minutes.
brooks-lint is an AI code review tool based on twelve classic software engineering books, providing structured, traceable code regression risk assessment and repair suggestions, aiming to avoid quality issues in AI-generated code.
Anthropic released an open-source code auditing reference harness for autonomous vulnerability discovery and remediation using Claude, covering a recon→find→triage→report→patch pipeline, primarily targeting C/C++ memory vulnerabilities. It is a template/reference implementation rather than a production-ready product, with a managed hosted option called Claude Security also available.
Explores the concept of static analysis using applicative functors in Haskell, contrasting with monads, and discusses interpreting code in data-agnostic contexts for analysis without executing effects.
cargo-crap is a Rust tool that uses the CRAP metric to identify functions that are both complex and poorly tested, helping developers manage risk in AI-generated code.
Repowise is an open-source MCP tool that provides AI coding agents like Claude Code with codebase intelligence, including a 12-biomarker code health score, dependency analysis, git insights, and auto-generated docs, all running offline with Ollama.
OxCaml, Jane Street's fork of the OCaml compiler, introduces compile-time guarantees against data races, enabling sequential consistency without runtime overhead. The blog post explains the new mode axes and their implications for parallel programming.
This paper introduces Elevator, a novel binary translator that performs deterministic, fully-static translation of entire x86-64 binaries to AArch64 without heuristics or runtime fallbacks. It achieves performance comparable to QEMU while enabling pre-deployment validation and certification of the translated code.
The article explains why Tree-sitter is unsuitable for deep program analysis, highlighting how it discards critical tokens like operators and keywords. It advocates for using the Cubix framework as a more robust alternative for building semantic analysis and refactoring tools.
The article proposes a principled rethinking of array languages like APL by modeling variables as functions of input dimensions, aiming to improve readability and error checking compared to traditional approaches.
React Doctor v2 is an open-source CLI tool that analyzes React codebases for performance issues, bad patterns, unnecessary re-renders, and broken architecture. It supports Next.js, Vite, and React Native and can be run instantly via npx.
Daniel Diniz used Claude Code and a custom plugin to systematically uncover 575+ bugs across 44 Python C-extension projects, with fixes already merged in 14 of them.
Verus is a static verification tool for Rust that uses SMT solving to prove full functional correctness of low-level systems code without runtime checks.
Practitioner Rory Sawyer reflects on a decade of applying program analysis to bridge the gap between code and human intent, emphasizing static analysis as a communication tool for correctness beyond execution.
React Doctor is a CLI tool that scans React codebases for issues, providing a health score and integrating with development agents. It supports Next.js, Vite, React Native, and GitHub Actions workflows.