I'm setting up a project where we've decide to use StyleCop and VS2010 "Code Analysis" rules.
I've setup the build so both sets of rules are executed on every build. The problem is that developers on this project will only be able to see StyleCop and Code Analysis rule violations on build.
While authoring code the VS2010 code editor doesn't highlight rules violations like it would do for build errors. I'm afraid that means folks would end up authoring code for an extended period of time and than prior to checkin have to fix 100+ rules violations. I'd like to explore a more organic process.
After spending the better part of the last two weeks googling, I admit defeat. I've found "StyleCop for Resharper" that would provide inline code editor highlights for StyleCop rules violations. I was wondering if there's something similar for Code Analysis or if there are any other options for StyleCop?
Thanks,
-- Justin Angel
Unfortunately there is nothing similar to StyleCop for Resharper for FxCop. StyleCop is looking only for style guideline violations, which means it need only look at source code, text files. FxCop performs analysis on compiled assemblies and looks at things like P/Invoke correctness, multiple calls to Dispose, unmanaged vs. managed API use, etc. While a tool could certainly perform such analysis of source (indeed, Resharper can help you with some, but certainly not all FxCop warnings), to do so fully would effectively require a compile. If you are compiling, then you might as well just use FxCop. By the way, Resharper is worth the money.
Related
There are c# codding conventions listed here https://learn.microsoft.com/en-us/dotnet/csharp/programming-guide/inside-a-program/coding-conventions
Is there some way to set Visual studio(2019) to automatically check if my code respects them and if not show some warning in the error list?
New versions of the C# compiler perform some style enforcement according to rules specified in a .editorconfig file.
For even greater control, I would suggest you look at StyleCop.Analyzers. It is a Roslyn Analyzer that ships as a NuGet package you can add to your projects.
You can configure it to provide warnings or errors when code does not match the style rules you specify.
It is very flexible, and has the added benefit that the rules apply to all developers of the project, which forces everyone to adhere to the code style rules in order to have the build pass cleanly.
https://github.com/DotNetAnalyzers/StyleCopAnalyzers
https://www.nuget.org/packages/StyleCop.Analyzers
Visual Studio comes with code style checks and options to enforce them when building.
https://learn.microsoft.com/en-us/visualstudio/ide/code-styles-and-code-cleanup?view=vs-2019
We are using Visual Studio Code Analysis Rules for code quality checks. We have created our custom .ruleset file and marked some violations as Errors, so that every time anyone's violating these rules, he will get a compile error and have to fix the issue.
Now everything run fine with debug mode, but when I build my project in release mode, I am not getting any error with rule 1804 i.e. Remove unused locals. In fact this violation is totally absent from violation list, not even as warning!!
Knowing that one need to have build configuration set to run your code analysis rules, I have enabled code analysis for all configurations in project properties, like this -
Doing this works good for all other rules but 1804.
Is it seems like a bug with code analysis, or it's a valid behavior for some reason I am not aware of, and is there's anything to get it work?
I am using Visual Studio 2013
This is not as strange as you may think. FxCop acts on the binaries, not on the sources. And in Release Mode the compiler will apply optimizations, such as removing unused locals, simplifying if/else statements and other things which lead to the same execution, but with higher performance or lower memory usage.
After these pieces of code have been optimized away, FxCop won't be able to detect it.
This is why it makes most sense do to binary analysis on the non-optimized binaries.
With Visual Studio 2015, most of the analysis has been moved into Roslyn Analyzers, which will catch these issues by analyzing the source code, instead of the binary output. This will allow Code Analysis (in 2015) to detect these issues, even if they didn't make it into the final binaries.
I've getting some information about this, but I still can find a proper answer, I was asked recently in my company for this : "run a fxcop analysis on that code and tell me the results".
Ok, I have VS2010 Ultimate which has code analysis, but before making any comment, I browse it on the internet cause I want to implement the best choice...
So, let's say I'm gonna use the same rules on both analyzers:
Should I recommend using one above the other?
Should I say "hey, thats kinda old, let's use code analysis!"
Should I get the same results on different computers? (for what I undersand, fxcop gives you some "points" and for what I've read, sometimes it gives you diff points on diff computers, I don't know about this with code analysis
Thanks, any help would be appreciated
FxCop and Code Analysis are essentially the same thing, with the following differences:
Code Analysis includes a VS IDE extension. FxCop can be executed from and show results within the IDE, but the result is not as full-featured. On the other hand, FxCop includes a stand-alone UI that is more full-features with respect to certain types of results exploration.
Code Analysis includes more rules than FxCop. Part of this is because it includes an additional rules engine, but part is just extra rules that Microsoft decided we should pay for. (The extra rules can be run from FxCop if you want to see the results in the stand-alone FxCop UI.)
For any given rule, you should see exactly the same results on any given machine, regardless of which of the two tools you are using. The only cases in which you should see differences is when you do not specify culture settings for the FxCop analysis, and the system culture differs between machines.
Custom Compiler Warnings and
C#: Create custom warning in Visual Studio if certain method is used in source code
haven't helped as they deal with code that is under the author's control.
We are using a 3rd party suite of UI controls (DevExpress) in our software and I want to generate a warning when someone uses MessageBox.Show("blah"); instead of XtraMessageBox.Show("blah");
Is there a way to do that?
This sort of thing can be addressed relatively easily via a custom rule for FxCop/Visual Studio Code Analysis. If you are using Visual Studio Developer Edition, you will even see the rule failures displayed along-side your compilation warnings and errors in the IDE.
While there's no way you can do real custom compile-time error in .NET, there's a number of third-party tools (both free and commercial) that can inject their validation logic into the build process, usually after the compilation.
Here are three ways I know of to solve you problem:
Resharper 5.0($) will support custom rules / warnings.
In PostSharp(free) you can define OnMethodBoundary aspect, overwrite its CompileTimeValidate method and emit a [post]compile-time error from it.
NDepend can be integrated with your build process ($) to enforce coding policies like that
No there is no direct way. If you think about it you are looking for a compiler warning for some code that you don't even compile.
If you really want this you could use Reflection methods on YOUR compiled assembly to check if any methods/assemblies you don't want have been called. Cecil has a lot of the functionality you need. You could then make this part of your build process.
FxCops is something new to me, but as always I would like to get to know the new things..
From what I've read, FxCops is already included in VS2008. I guess it's the "Code Analysis" function. Whenever I try to run it though, it seems to start a rebuild and end in the "Finished Rebuilding" state.
I checked the output window and there are a bunch of warnings there. But if I'm not mistaking, there should be more of a GUI for this then the wall of text in my output window, right?
Am I missing a window that should have popped up? Can I open it somewhere? Or is there anything else I'm missing?
Yes, Code Analysis is the nice friendly name for FxCop. However, I'm not aware of a friendly window beyond the errors / warning list where they should appear, prefixed CA.
On the project properties screen there is a Code analysis tab where you can treat warnings as errors to enforce the rules you care about.
Just so everyone knows, because it took me a long time to figure this out.... Code Analysis / FxCop is only included in Team System and Team Suite versions of VS 2008, not in the Professional Edition.
You're not missing anything - there isn't a pop-up window.
The list of issues in the output window is pretty much all you'd get in FxCop. It's just that FxCop is a standalone application.
Here's a decent article on FxCop and Code Analysis:
Link
An alternative to FxCop would be to use the tool NDepend that lets write Code Rules over C# LINQ Queries (namely CQLinq). NDepend is integrated in VS 2012, 2010 and 2008. Disclaimer: I am one of the developers of the tool
More than 200 code rules are proposed by default. Customizing existing rules or creating your own rules is straightforward thanks to the well-known C# LINQ syntax.
NDepend code rules can be verified live in Visual Studio and at build process time, in a generated HTML+javascript report.
You seems concerned by the number of false-positive. To keep the number of false-positives low, CQLinq offers the unique capabilities to define what is the set JustMyCode through special code queries prefixed with notmycode. More explanations about this feature can be found here. Here are for example two notmycode default queries:
Discard generated and designer Methods from JustMyCode
Discard generated Types from JustMyCode
To keep the number of false-positives low, with CQLinq you can also focus rules result only on code added or code refactored, since a defined baseline in the past. See the following rule, that detect methods too complex added or refactored since the baseline:
warnif count > 0
from m in Methods
where m.CyclomaticComplexity > 20 &&
m.WasAdded() || m.CodeWasChanged()
select new { m, m.CyclomaticComplexity }