FxCops is something new to me, but as always I would like to get to know the new things..
From what I've read, FxCops is already included in VS2008. I guess it's the "Code Analysis" function. Whenever I try to run it though, it seems to start a rebuild and end in the "Finished Rebuilding" state.
I checked the output window and there are a bunch of warnings there. But if I'm not mistaking, there should be more of a GUI for this then the wall of text in my output window, right?
Am I missing a window that should have popped up? Can I open it somewhere? Or is there anything else I'm missing?
Yes, Code Analysis is the nice friendly name for FxCop. However, I'm not aware of a friendly window beyond the errors / warning list where they should appear, prefixed CA.
On the project properties screen there is a Code analysis tab where you can treat warnings as errors to enforce the rules you care about.
Just so everyone knows, because it took me a long time to figure this out.... Code Analysis / FxCop is only included in Team System and Team Suite versions of VS 2008, not in the Professional Edition.
You're not missing anything - there isn't a pop-up window.
The list of issues in the output window is pretty much all you'd get in FxCop. It's just that FxCop is a standalone application.
Here's a decent article on FxCop and Code Analysis:
Link
An alternative to FxCop would be to use the tool NDepend that lets write Code Rules over C# LINQ Queries (namely CQLinq). NDepend is integrated in VS 2012, 2010 and 2008. Disclaimer: I am one of the developers of the tool
More than 200 code rules are proposed by default. Customizing existing rules or creating your own rules is straightforward thanks to the well-known C# LINQ syntax.
NDepend code rules can be verified live in Visual Studio and at build process time, in a generated HTML+javascript report.
You seems concerned by the number of false-positive. To keep the number of false-positives low, CQLinq offers the unique capabilities to define what is the set JustMyCode through special code queries prefixed with notmycode. More explanations about this feature can be found here. Here are for example two notmycode default queries:
Discard generated and designer Methods from JustMyCode
Discard generated Types from JustMyCode
To keep the number of false-positives low, with CQLinq you can also focus rules result only on code added or code refactored, since a defined baseline in the past. See the following rule, that detect methods too complex added or refactored since the baseline:
warnif count > 0
from m in Methods
where m.CyclomaticComplexity > 20 &&
m.WasAdded() || m.CodeWasChanged()
select new { m, m.CyclomaticComplexity }
Related
At the moment I'm interested in source code analysis and playing around with the built-in possibilities and other third party plguins.
The biggest problem for me, is to identify or filter for code analysis related warnings in the error list window of Visual Studio.
I think all warnings starting with "CA" are these types of errors. Anyway I'm still not sure and want to get this clarified, so that I have knowledge about this and not just a feeling/believe.
This problem brings me in general to the question: Is there a list of all error/warning "groups" and what they are related to? Is it possible that there are "custom" defined "groups"?
I think this is important since every warning will be pushed to the same window. Based on the task someone is working on, it can be pretty hard to identify relvant warnings/outputs (especially in huge projects).
So far my results or what I think is the meaning (list may be uncomplete):
CA - Source Code Analysis, based on this source
CS - C# compiler in general, based on assumption (I get these while compiling C#)
AD - ?? (I get these from "Roslyn Security Guard" when throwing exceptions while analysing code)
C - C/C++ compiler in general, based on assumption (I know this group of warnings from C/C++ projects)
SG - ?? (Maybe these are warnings coming from successfull analysed code with Roslyn Security Guard (SG = Security Guard?))
Yes SG comes from Roslyn Security Guard. It is a custom name chosen by developer of the analyzer. This is why there is no single list of warnings. Only groups of warnings produced by Microsoft are documented on Msdn. AD001 is shown when an analyzer itself throws an exception because of a bug in it.
In my project I am using custom controls instead of normal ASP.NET controls. We have build an architecture on .NET and are using its controls.
Now I need to write a custom rule to check for if some of windows controls are being used. Reason being, my team needs to be limited to only my custom controls that were designed to replace the windows controls.
Example: I need to search and if they are using System.Windows.Controls.Textbox.....I need it to be an error.
Can anyone please help me out with code?
I hope the problem is clear ..... in case of any further clarifications needed please let me know.
The logic for this sort of rule is fairly simple:
Check method bodies, visiting each constructor invocation to see if
the target class inherits from the base Control class.
If it does, verify that the target class is in your namespace or assembly (or however you can best identify it as "yours").
This is relatively simple. A much bigger problem is that the relevant contructors will usually be invoked in designer-generated code, which most folks tend to prefer ignoring when executing FxCop. To get your rule to work, you will need to include designer-generated code in your analyses.
The tool NDepend let's write custom code rules on .NET code much more easily than with FxCop. Disclaimer: I am one of the developer of the tool
With this tool you can write custom code rules over LINQ queries (what is named CQLinq). For example, the query you are asking for can be written this way with CQLinq:
// <Name>Don't use system controls</Name>
warnif count > 0
let systemControls = ThirdParty.Types.Where(
t => t.DeriveFrom("System.Windows.Forms.Control".AllowNoMatch()))
where systemControls.Count() > 0
from t in systemControls
let methodsThatCreateT = t.TypesUsingMe.ChildMethods().Where(m => m.CreateA(t))
select new { t, methodsThatCreateT }
While editing such code rule, instantly a browsable result is shown (in 3 milliseconds here). Double clicking any type or method in this result, jumps to its declaration in source code in Visual Studio:
200 default code rules are proposed. The tool is 100% integrated in Visual Studio 2012, 2010, and 2008. Default or custom code rules can be validated inside Visual Studio, and/or at Build Process time, in a generated HTML+javascript report.
I've getting some information about this, but I still can find a proper answer, I was asked recently in my company for this : "run a fxcop analysis on that code and tell me the results".
Ok, I have VS2010 Ultimate which has code analysis, but before making any comment, I browse it on the internet cause I want to implement the best choice...
So, let's say I'm gonna use the same rules on both analyzers:
Should I recommend using one above the other?
Should I say "hey, thats kinda old, let's use code analysis!"
Should I get the same results on different computers? (for what I undersand, fxcop gives you some "points" and for what I've read, sometimes it gives you diff points on diff computers, I don't know about this with code analysis
Thanks, any help would be appreciated
FxCop and Code Analysis are essentially the same thing, with the following differences:
Code Analysis includes a VS IDE extension. FxCop can be executed from and show results within the IDE, but the result is not as full-featured. On the other hand, FxCop includes a stand-alone UI that is more full-features with respect to certain types of results exploration.
Code Analysis includes more rules than FxCop. Part of this is because it includes an additional rules engine, but part is just extra rules that Microsoft decided we should pay for. (The extra rules can be run from FxCop if you want to see the results in the stand-alone FxCop UI.)
For any given rule, you should see exactly the same results on any given machine, regardless of which of the two tools you are using. The only cases in which you should see differences is when you do not specify culture settings for the FxCop analysis, and the system culture differs between machines.
I'm setting up a project where we've decide to use StyleCop and VS2010 "Code Analysis" rules.
I've setup the build so both sets of rules are executed on every build. The problem is that developers on this project will only be able to see StyleCop and Code Analysis rule violations on build.
While authoring code the VS2010 code editor doesn't highlight rules violations like it would do for build errors. I'm afraid that means folks would end up authoring code for an extended period of time and than prior to checkin have to fix 100+ rules violations. I'd like to explore a more organic process.
After spending the better part of the last two weeks googling, I admit defeat. I've found "StyleCop for Resharper" that would provide inline code editor highlights for StyleCop rules violations. I was wondering if there's something similar for Code Analysis or if there are any other options for StyleCop?
Thanks,
-- Justin Angel
Unfortunately there is nothing similar to StyleCop for Resharper for FxCop. StyleCop is looking only for style guideline violations, which means it need only look at source code, text files. FxCop performs analysis on compiled assemblies and looks at things like P/Invoke correctness, multiple calls to Dispose, unmanaged vs. managed API use, etc. While a tool could certainly perform such analysis of source (indeed, Resharper can help you with some, but certainly not all FxCop warnings), to do so fully would effectively require a compile. If you are compiling, then you might as well just use FxCop. By the way, Resharper is worth the money.
I hope this is a valid question: how does intellisense work in VS2008? I'm after what is known about the algorithm it uses to find the suggestions, when exactly it pops up (the "." is just one obvious trigger), how its behavior can be modified if at all possible, etc.
To put this question into context: The main issue I'm trying to resolve is how to activate and deactivate intellisense in portions of the editor screen and how to modify where it searches to populate the suggestion box.
All information is welcome.
Take a look at this DIY Intellisense article on CodeProject.
It's more fun to reverse-engineer it, though. Let's consider the problem:
you need to identify the words of interest
you need to find the options possible
you need to present them
Now, the first step means you have to parse the code. You've got the C/C** keywords, you pre-parse the various function and class declarations, and load them into some kind of data structure. Then you parse the code and store the class, variable, etc names and put them in the same data structure.
The second step means you want a data structure which efficiently can search for a partial word and get all the words that have that prefix. You can do that with regular expressions, but that's not very efficient. An efficient data structure for that kind of search is a trie, which is discussed here on SO .
Once you have the list of possibilities, you just present it. You probably want to keep a reference to the root of the tree of possibilities so you can search them out in real time as someone types more letters.
Eclipse also has this feature and it is an open source project. Why not check out how Eclipse does it by actually looking at the code?
This question is too broad. Since there are a number of different languages the VS IDE supports out of the box AND there are N number of DSL and IDE enhancements that support alternative intellisense this implies a number of answers. If you are speaking about C# specifically then See the Tools | Options | Text Editor | C# | Intellisense area to see the available options of completion options. As far as the algorithm[s] used, you would be looking for the metadata of assemblies, copious caching of type members, MRU list for last member chosen for specific type, etc. If you have a more specific question, I'd suggest you clarify.
See the example of a DSL (ironpython) and its implementation here.
I haven't seen any text editor in VS that limits where IntelliSense shows up. It's all language specific. If your cursor is located at a point where IntelliSense might contribute to a valid token, that's when it will be used.
I believe there is some interaction with the project system being used, but that's as far as I know. I also believe there is a sample project system in the Visual Studio SDK, and that might give you an idea.
For such cases I sometimes use my own version of InteliSense that I developed for AutoHotKey when I want specific behavior. The point of this script is that it can be used with any editor, or basically any control accepting text. It works by recording text input and interpreting it upon syntax file.
You can perhaps use it as a base for the thing you want to achieve. I used ISense succesifully with several languages that don't have such thing, like Csound or even batch scripts. It will be possible to extend it to support C# using input monitoring in combination with Reflection.
Anyway, with AHK you can even control VS intelissense by "taking" the list of items it presents and filter it, or similar things. You may have some small problems with process boundaries but nothing that cant be fixed.
The intellisense ius generally, AFAIK, implemented using different methods. I read that Delphi is so fast that it implements isense by recompiling the project on each token and thats the reason C++ Builder didn't have isense as its compiling very slow.
As to your how to change where it looks question, short answer is, you can't. Intellisense for the most part is provided by reflection of assemblies included in your project ( and some other tricks with C++ ). What you are getting is a result of VS processing through all the assemblies you have included and all assemblies from the GAC.
That said, if you want to provide explicit intellisense results from a project you are working on, look into IVsContextualIntellisenseFilterProvider
Finally, for some insight into the behind the scenes process, check this blog post