At the moment I'm interested in source code analysis and playing around with the built-in possibilities and other third party plguins.
The biggest problem for me, is to identify or filter for code analysis related warnings in the error list window of Visual Studio.
I think all warnings starting with "CA" are these types of errors. Anyway I'm still not sure and want to get this clarified, so that I have knowledge about this and not just a feeling/believe.
This problem brings me in general to the question: Is there a list of all error/warning "groups" and what they are related to? Is it possible that there are "custom" defined "groups"?
I think this is important since every warning will be pushed to the same window. Based on the task someone is working on, it can be pretty hard to identify relvant warnings/outputs (especially in huge projects).
So far my results or what I think is the meaning (list may be uncomplete):
CA - Source Code Analysis, based on this source
CS - C# compiler in general, based on assumption (I get these while compiling C#)
AD - ?? (I get these from "Roslyn Security Guard" when throwing exceptions while analysing code)
C - C/C++ compiler in general, based on assumption (I know this group of warnings from C/C++ projects)
SG - ?? (Maybe these are warnings coming from successfull analysed code with Roslyn Security Guard (SG = Security Guard?))
Yes SG comes from Roslyn Security Guard. It is a custom name chosen by developer of the analyzer. This is why there is no single list of warnings. Only groups of warnings produced by Microsoft are documented on Msdn. AD001 is shown when an analyzer itself throws an exception because of a bug in it.
Related
When compiling a solution with many projects, if I make a compile time error in a project that many other projects use I'll get a flood of errors in the Error List window of visual studio:
Error 80 Metadata file
'C:\trunk\Projects\Libraries\K2DataBaseClient\bin\x64\Debug\CEPCortex.dll'
could not be found C:\trunk\Projects\TradeAiTeacher\CSC
These errors indicate that a project couldn't be built due to another project not being built. These types of errors cascade and don't really tell me anything useful as I know that its all due to a core project failing to build.
These errors often make it harder to find the actual error in the window.
Is there a way to tell visual studio to suppress this type of output and just show me the compile errors in cases like this to make it easy to find what actual code is broken?
Ideally it once the compile error has been fixed we can toggle this hiding off so I see all errors.
I had originally left this version agnostic but visual-studio 2013 is the version I am most concerned with.
No. The C# compiler categorically refuses to consider one error more "important" than another one. It cannot know how important an error can be, it doesn't know enough about the reason it had to produce the error. A missing reference assembly can produce a lot of errors because type definitions are missing. Of course the compiler cannot know the difference between them being undefined because of the missing assembly reference (ignore) or you mistyping a name (don't ignore).
Interpreting the Error List requires a massively parallel computing machine that's capable of high-speed correlation inference and pattern matching. With practical quantum computing still a distant future, you need to use the one that's readily available to any programmer, the one you have between your ears. Start at the top of the list. And work your way down, feeling less inclined to fix them as you progress down the list.
Never hesitate to rebuild before getting to the end of the list when you fixed a gross error. Like a missing assembly reference.
I've found the best way to work with existing the visual studio behavior is to use the advice in this link: and make the compiler stop after the first compile error.
This seems to get as close to solving my problem as you currently can.
The Crystal libraries referenced by our winform app cause errors in Code Analysis:
Warning 1 CA0060 : The indirectly-referenced assembly
'BusinessObjects.Licensing.KeycodeDecoder, Version=13.0.2000.0,
Culture=neutral, PublicKeyToken=692fbea5521e1304' could not be found.
This assembly is not required for analysis, however, analysis results
could be incomplete. This assembly was referenced by: C:\Program
Files\SAP BusinessObjects\Crystal Reports for .NET Framework
4.0\Common\SAP BusinessObjects Enterprise XI 4.0\win32_x86\dotnet\CrystalDecisions.CrystalReports.Engine.dll.
In a few different threads, SAP "support" has acknowledged that this is a problem on their end (http://scn.sap.com/thread/2153539), though they are quick to point out it doesn't impact their product directly, so fixing it is of low-priority. It's been assigned reference number ADAPT01629826, but it still seems up-in-the-air as to when they'll actually fix the issue on their end.
This is a Code Analysis Application Warning (http://msdn.microsoft.com/en-us/library/ms245349.aspx), rather than a normal Code Analysis Warning.
Because of that, Visual Studio doesn't provide the usual "Suppress Message(s)" context menu. I'm hoping there's a way to use GlobalSuppressions or something similar, but could use some help...
Even if SAP is right about the bad assembly reference not having a functional impact on their product, it still bothers me. Like the original poster, I don't want any errors/warnings from Code Analysis.
I'm sure others have run into this -- or at least something similar. How did you handle it? Is there a way to exclude this specific warning from Code Analysis, so it no longer shows?
While I don't like hard-coding exclusions, it seems like a more reliable solution than waiting around for SAP to actually push out a fix.
There is no way to suppress these without wrapping fxcpcmd or overwriting the code analysis targets to intercept the output and ignore the warning.
I've getting some information about this, but I still can find a proper answer, I was asked recently in my company for this : "run a fxcop analysis on that code and tell me the results".
Ok, I have VS2010 Ultimate which has code analysis, but before making any comment, I browse it on the internet cause I want to implement the best choice...
So, let's say I'm gonna use the same rules on both analyzers:
Should I recommend using one above the other?
Should I say "hey, thats kinda old, let's use code analysis!"
Should I get the same results on different computers? (for what I undersand, fxcop gives you some "points" and for what I've read, sometimes it gives you diff points on diff computers, I don't know about this with code analysis
Thanks, any help would be appreciated
FxCop and Code Analysis are essentially the same thing, with the following differences:
Code Analysis includes a VS IDE extension. FxCop can be executed from and show results within the IDE, but the result is not as full-featured. On the other hand, FxCop includes a stand-alone UI that is more full-features with respect to certain types of results exploration.
Code Analysis includes more rules than FxCop. Part of this is because it includes an additional rules engine, but part is just extra rules that Microsoft decided we should pay for. (The extra rules can be run from FxCop if you want to see the results in the stand-alone FxCop UI.)
For any given rule, you should see exactly the same results on any given machine, regardless of which of the two tools you are using. The only cases in which you should see differences is when you do not specify culture settings for the FxCop analysis, and the system culture differs between machines.
Custom Compiler Warnings and
C#: Create custom warning in Visual Studio if certain method is used in source code
haven't helped as they deal with code that is under the author's control.
We are using a 3rd party suite of UI controls (DevExpress) in our software and I want to generate a warning when someone uses MessageBox.Show("blah"); instead of XtraMessageBox.Show("blah");
Is there a way to do that?
This sort of thing can be addressed relatively easily via a custom rule for FxCop/Visual Studio Code Analysis. If you are using Visual Studio Developer Edition, you will even see the rule failures displayed along-side your compilation warnings and errors in the IDE.
While there's no way you can do real custom compile-time error in .NET, there's a number of third-party tools (both free and commercial) that can inject their validation logic into the build process, usually after the compilation.
Here are three ways I know of to solve you problem:
Resharper 5.0($) will support custom rules / warnings.
In PostSharp(free) you can define OnMethodBoundary aspect, overwrite its CompileTimeValidate method and emit a [post]compile-time error from it.
NDepend can be integrated with your build process ($) to enforce coding policies like that
No there is no direct way. If you think about it you are looking for a compiler warning for some code that you don't even compile.
If you really want this you could use Reflection methods on YOUR compiled assembly to check if any methods/assemblies you don't want have been called. Cecil has a lot of the functionality you need. You could then make this part of your build process.
FxCops is something new to me, but as always I would like to get to know the new things..
From what I've read, FxCops is already included in VS2008. I guess it's the "Code Analysis" function. Whenever I try to run it though, it seems to start a rebuild and end in the "Finished Rebuilding" state.
I checked the output window and there are a bunch of warnings there. But if I'm not mistaking, there should be more of a GUI for this then the wall of text in my output window, right?
Am I missing a window that should have popped up? Can I open it somewhere? Or is there anything else I'm missing?
Yes, Code Analysis is the nice friendly name for FxCop. However, I'm not aware of a friendly window beyond the errors / warning list where they should appear, prefixed CA.
On the project properties screen there is a Code analysis tab where you can treat warnings as errors to enforce the rules you care about.
Just so everyone knows, because it took me a long time to figure this out.... Code Analysis / FxCop is only included in Team System and Team Suite versions of VS 2008, not in the Professional Edition.
You're not missing anything - there isn't a pop-up window.
The list of issues in the output window is pretty much all you'd get in FxCop. It's just that FxCop is a standalone application.
Here's a decent article on FxCop and Code Analysis:
Link
An alternative to FxCop would be to use the tool NDepend that lets write Code Rules over C# LINQ Queries (namely CQLinq). NDepend is integrated in VS 2012, 2010 and 2008. Disclaimer: I am one of the developers of the tool
More than 200 code rules are proposed by default. Customizing existing rules or creating your own rules is straightforward thanks to the well-known C# LINQ syntax.
NDepend code rules can be verified live in Visual Studio and at build process time, in a generated HTML+javascript report.
You seems concerned by the number of false-positive. To keep the number of false-positives low, CQLinq offers the unique capabilities to define what is the set JustMyCode through special code queries prefixed with notmycode. More explanations about this feature can be found here. Here are for example two notmycode default queries:
Discard generated and designer Methods from JustMyCode
Discard generated Types from JustMyCode
To keep the number of false-positives low, with CQLinq you can also focus rules result only on code added or code refactored, since a defined baseline in the past. See the following rule, that detect methods too complex added or refactored since the baseline:
warnif count > 0
from m in Methods
where m.CyclomaticComplexity > 20 &&
m.WasAdded() || m.CodeWasChanged()
select new { m, m.CyclomaticComplexity }