MSDN Magazine - December 2008 - (Page 11) ScoTT MiTchEll Toolbox Static Analysis Tools For .NET, Matt Berseth’s Blog Improve Software Quality with Static Code Analysis Tools Many software teams use code reviews to ensure that developers are writing correct, secure code that adheres to the company’s design guidelines. These guidelines might outline naming conventions, patterns to use for accessing data or other external resources, and so on. Many aspects of the code review process are rather mechanical and can be automated. Static code analysis tools scan through source code or intermediate code and search for violations of defined design guideline rules. One such static analysis tool for applications within the Microsoft .NET Framework is FxCop (version 1.36), a free tool created by Microsoft. FxCop analyzes the intermediate code of a compiled .NET assembly and provides suggestions for design, security, and performance improvements. By default, FxCop analyzes an assembly based on the rules set forth by Design Guidelines for Developing Class Libraries (msdn.microsoft.com/ library/ms229042). The design guideline rules are divided into nine categories, including design, globalization, performance, and security, among others. An example of a naming rule is, “Events should not have ‘before’ or ‘after’ prefix.” If FxCop identifies an event named BeforeUpdate, it will recommend replacing BeforeUpdate with a present-tense version of the event name (namely, Update). You can also plug in a custom rules class that reflects your company’s internal design guidelines. To analyze an assembly, launch FxCop, create a new project, and add the assembly to the project. FxCop shows the 200+ rules that are used when analyzing the assembly; you may turn off existing rules or add your own. Click the Analyze button to begin Microsoft is StyleCop (version 4.3). Whereas FxCop evaluates design guidelines against intermediate code, StyleCop evaluates the style of C# source code. Style guidelines are rules that specify how source code should be formatted. They dictate whether spaces or tabs should be used for indentation and the format of for loops, if statements, and other constructs. Example StyleCop rules include: the body of for statements should be wrapped in opening and closing curly brackets; there should be white space on both sides of the = and != operators; and calls to member variables within a class must begin with “this.”. StyleCop is not integrated into Visual Studio Team System—you must install it yourself. Executing StyleCop from within Visual Studio analyzes the source code in the currently opened solution, displaying the results as warnings in the error list window. StyleCop can also be integrated with MSBuild. While FxCop and StyleCop pinpoint rule violations, the developer is still responsible for implementing these tools’ suggestions. CodeIt.Right (version 1.1) from SubMain takes static code analysis to the next level by enabling rule violations to be automatically refactored into conforming code. Like FxCop, CodeIt.Right ships with an extensive set of predefined rules, based on the design guidelines document mentioned earlier, with the ability to add custom rules. But CodeIt.Right makes it much easier to create and use custom rules. Using custom rules in FxCop requires FxCop Analyzes an Assembly Based on Rules Set by .NET Design Guidelines the analysis. After enumerating the types, classes, methods, and members of your assembly, FxCop displays the analysis results, which list the offending code and the rule that was violated. Select a result for a more detailed description and solution. FxCop is available as a standalone app; it also includes a command-line implementation that makes it easy to plug into an automated build process. (Code Analysis, a tool much like FxCop, ships with Visual Studio Team System and is integrated into the Visual Studio shell.) For more on how to use FxCop, see the Bugslayer columns by John Robbins: “Bad Code? FxCop to the Rescue” at msdn.microsoft.com/magazine/ cc188721 and ”Three Vital FXCop Rules” at msdn.microsoft.com/magazine/cc163930. Another static code analysis tool from Send your questions and comments for Scott to toolsmm@microsoft.com. All prices confirmed October 30, 2008, and are subject to change. The opinions expressed in this column are solely those of the author and do not necessarily reflect the opinions of Microsoft. December 2008 11 http://msdn.microsoft.com/library/ms229042 http://msdn.microsoft.com/library/ms229042 http://msdn.microsoft.com/magazine/cc188721 http://msdn.microsoft.com/magazine/cc188721 http://msdn.microsoft.com/magazine/cc163930
Table of Contents Feed for the Digital Edition of MSDN Magazine - December 2008 MSDN Magazine - December 2008 Contents Toolbox CLR Inside Out Advanced Basics Cutting Edge Patterns In Practice Team System Real-World WF Visual Studio OBA Tools SOA Data Access Geneva Framework Test Run Foundations Windows With C++ Going Places End Bracket MSDN Magazine - December 2008 MSDN Magazine - December 2008 - (Page Intro) MSDN Magazine - December 2008 - Contents (Page Cover1) MSDN Magazine - December 2008 - Contents (Page Cover2) MSDN Magazine - December 2008 - Contents (Page 1) MSDN Magazine - December 2008 - Contents (Page 2) MSDN Magazine - December 2008 - Contents (Page 3) MSDN Magazine - December 2008 - Contents (Page 4) MSDN Magazine - December 2008 - Contents (Page 5) MSDN Magazine - December 2008 - Contents (Page 6) MSDN Magazine - December 2008 - Contents (Page 7) MSDN Magazine - December 2008 - Contents (Page 8) MSDN Magazine - December 2008 - Contents (Page 9) MSDN Magazine - December 2008 - Contents (Page 10) MSDN Magazine - December 2008 - Toolbox (Page 11) MSDN Magazine - December 2008 - Toolbox (Page 12) MSDN Magazine - December 2008 - Toolbox (Page 13) MSDN Magazine - December 2008 - Toolbox (Page 14) MSDN Magazine - December 2008 - CLR Inside Out (Page 15) MSDN Magazine - December 2008 - CLR Inside Out (Page 16) MSDN Magazine - December 2008 - CLR Inside Out (Page 17) MSDN Magazine - December 2008 - CLR Inside Out (Page 18) MSDN Magazine - December 2008 - CLR Inside Out (Page 19) MSDN Magazine - December 2008 - CLR Inside Out (Page 20) MSDN Magazine - December 2008 - CLR Inside Out (Page 21) MSDN Magazine - December 2008 - Advanced Basics (Page 22) MSDN Magazine - December 2008 - Advanced Basics (Page 23) MSDN Magazine - December 2008 - Advanced Basics (Page 24) MSDN Magazine - December 2008 - Advanced Basics (Page 25) MSDN Magazine - December 2008 - Advanced Basics (Page 26) MSDN Magazine - December 2008 - Advanced Basics (Page 27) MSDN Magazine - December 2008 - Advanced Basics (Page 28) MSDN Magazine - December 2008 - Cutting Edge (Page 29) MSDN Magazine - December 2008 - Cutting Edge (Page 30) MSDN Magazine - December 2008 - Cutting Edge (Page 31) MSDN Magazine - December 2008 - Cutting Edge (Page 32) MSDN Magazine - December 2008 - Cutting Edge (Page 33) MSDN Magazine - December 2008 - Cutting Edge (Page 34) MSDN Magazine - December 2008 - Cutting Edge (Page 35) MSDN Magazine - December 2008 - Cutting Edge (Page 36) MSDN Magazine - December 2008 - Patterns In Practice (Page 37) MSDN Magazine - December 2008 - Patterns In Practice (Page 38) MSDN Magazine - December 2008 - Patterns In Practice (Page 39) MSDN Magazine - December 2008 - Patterns In Practice (Page 40) MSDN Magazine - December 2008 - Patterns In Practice (Page 41) MSDN Magazine - December 2008 - Patterns In Practice (Page 42) MSDN Magazine - December 2008 - Patterns In Practice (Page 43) MSDN Magazine - December 2008 - Team System (Page 44) MSDN Magazine - December 2008 - Team System (Page 45) MSDN Magazine - December 2008 - Team System (Page 46) MSDN Magazine - December 2008 - Team System (Page 47) MSDN Magazine - December 2008 - Team System (Page 48) MSDN Magazine - December 2008 - Team System (Page 49) MSDN Magazine - December 2008 - Team System (Page 50) MSDN Magazine - December 2008 - Team System (Page 51) MSDN Magazine - December 2008 - Real-World WF (Page 52) MSDN Magazine - December 2008 - Real-World WF (Page 53) MSDN Magazine - December 2008 - Real-World WF (Page 54) MSDN Magazine - December 2008 - Real-World WF (Page 55) MSDN Magazine - December 2008 - Real-World WF (Page 56) MSDN Magazine - December 2008 - Real-World WF (Page 57) MSDN Magazine - December 2008 - Real-World WF (Page 58) MSDN Magazine - December 2008 - Real-World WF (Page 59) MSDN Magazine - December 2008 - Real-World WF (Page 60) MSDN Magazine - December 2008 - Real-World WF (Page 61) MSDN Magazine - December 2008 - Visual Studio OBA Tools (Page 62) MSDN Magazine - December 2008 - Visual Studio OBA Tools (Page 63) MSDN Magazine - December 2008 - Visual Studio OBA Tools (Page 64) MSDN Magazine - December 2008 - Visual Studio OBA Tools (Page 65) MSDN Magazine - December 2008 - Visual Studio OBA Tools (Page 66) MSDN Magazine - December 2008 - Visual Studio OBA Tools (Page 67) MSDN Magazine - December 2008 - Visual Studio OBA Tools (Page 68) MSDN Magazine - December 2008 - Visual Studio OBA Tools (Page 69) MSDN Magazine - December 2008 - Visual Studio OBA Tools (Page 70) MSDN Magazine - December 2008 - Visual Studio OBA Tools (Page 71) MSDN Magazine - December 2008 - SOA Data Access (Page 72) MSDN Magazine - December 2008 - SOA Data Access (Page 73) MSDN Magazine - December 2008 - SOA Data Access (Page 74) MSDN Magazine - December 2008 - SOA Data Access (Page 75) MSDN Magazine - December 2008 - SOA Data Access (Page 76) MSDN Magazine - December 2008 - SOA Data Access (Page 77) MSDN Magazine - December 2008 - SOA Data Access (Page 78) MSDN Magazine - December 2008 - SOA Data Access (Page 79) MSDN Magazine - December 2008 - SOA Data Access (Page 80) MSDN Magazine - December 2008 - SOA Data Access (Page 81) MSDN Magazine - December 2008 - Geneva Framework (Page 82) MSDN Magazine - December 2008 - Geneva Framework (Page 83) MSDN Magazine - December 2008 - Geneva Framework (Page 84) MSDN Magazine - December 2008 - Geneva Framework (Page 85) MSDN Magazine - December 2008 - Geneva Framework (Page 86) MSDN Magazine - December 2008 - Geneva Framework (Page 87) MSDN Magazine - December 2008 - Geneva Framework (Page 88) MSDN Magazine - December 2008 - Geneva Framework (Page 89) MSDN Magazine - December 2008 - Geneva Framework (Page 90) MSDN Magazine - December 2008 - Test Run (Page 91) MSDN Magazine - December 2008 - Test Run (Page 92) MSDN Magazine - December 2008 - Test Run (Page 93) MSDN Magazine - December 2008 - Test Run (Page 94) MSDN Magazine - December 2008 - Test Run (Page 95) MSDN Magazine - December 2008 - Test Run (Page 96) MSDN Magazine - December 2008 - Test Run (Page 97) MSDN Magazine - December 2008 - Test Run (Page 98) MSDN Magazine - December 2008 - Test Run (Page 99) MSDN Magazine - December 2008 - Test Run (Page 100) MSDN Magazine - December 2008 - Foundations (Page 101) MSDN Magazine - December 2008 - Foundations (Page 102) MSDN Magazine - December 2008 - Foundations (Page 103) MSDN Magazine - December 2008 - Foundations (Page 104) MSDN Magazine - December 2008 - Foundations (Page 105) MSDN Magazine - December 2008 - Foundations (Page 106) MSDN Magazine - December 2008 - Foundations (Page 107) MSDN Magazine - December 2008 - Foundations (Page 108) MSDN Magazine - December 2008 - Windows With C++ (Page 109) MSDN Magazine - December 2008 - Windows With C++ (Page 110) MSDN Magazine - December 2008 - Windows With C++ (Page 111) MSDN Magazine - December 2008 - Windows With C++ (Page 112) MSDN Magazine - December 2008 - Going Places (Page 113) MSDN Magazine - December 2008 - Going Places (Page 114) MSDN Magazine - December 2008 - Going Places (Page 115) MSDN Magazine - December 2008 - Going Places (Page 116) MSDN Magazine - December 2008 - Going Places (Page 117) MSDN Magazine - December 2008 - Going Places (Page 118) MSDN Magazine - December 2008 - Going Places (Page 119) MSDN Magazine - December 2008 - End Bracket (Page 120) MSDN Magazine - December 2008 - End Bracket (Page Cover3) MSDN Magazine - December 2008 - End Bracket (Page Cover4)
For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.