Static Code Analysis with FxCop

Static Code Analysis is like spell checking for your code. Instead of looking for spelling mistakes, it looks for coding mistakes (not disposing unmanaged resources, using deprecated assemblies, globalization issues and more). For the .NET framework, the tool is FxCop. This tool works against 1.0, 2.0, and 3.x object code (assemblies, not source code). This means that the tool works for ALL CLR languages (VB.Net/C#/F#/RPG.Net…) and provides a report on nine areas of code compliance with the Design Guidelines:

  1. Design
  2. Globalization
  3. Interoperability
  4. Mobility
  5. Naming
  6. Performance
  7. Portability
  8. Security
  9. Usage
This tool has both a GUI and a command-line interface (perfect for continuous build processes) and exports an XML/HTML report. To use this tool, you will need to add the CODE_ANALYSIS compilation flag to your project. As you review your reports, you will see three types of errors:

  • Errors that you have made that you need to fix
  • Errors that you have made that you have no intention of fixing (coding style)
  • Errors that you made a conscious decision to make (catching a generic Exception, constructor style)

The fixes for these errors are also different:

  • Fix your code (easy enough)
  • Disable the specific rule for analysis
  • Add an attribute to your function/assembly that disables the specific test for that function: CodeAnalysis.SuppressMessage
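
The third option, shown as an added example (not code from the original post): a suppression scoped to a single method, with a recorded justification, for the "catching a generic Exception" case. The class and method names are hypothetical. CA1031 is the FxCop Design rule for general catch blocks, and SuppressMessage is only compiled into the assembly when the CODE_ANALYSIS symbol is defined.

```csharp
// Added example. Normally CODE_ANALYSIS is set as a conditional compilation
// symbol in the project's build settings; it is defined here so the file
// stands alone.
#define CODE_ANALYSIS

using System;
using System.Diagnostics.CodeAnalysis;
using System.IO;

// Hypothetical class used only for illustration.
public static class ReportLoader
{
    // Conscious decision: this method is an outer boundary, so every failure
    // is logged and turned into a 'false' result instead of propagating.
    // The suppression applies to this method only; CA1031 stays active
    // everywhere else in the assembly.
    [SuppressMessage("Microsoft.Design",
        "CA1031:DoNotCatchGeneralExceptionTypes",
        Justification = "Boundary method: any failure is logged and reported as not loaded.")]
    public static bool TryLoad(string path, out string contents)
    {
        try
        {
            // 'using' disposes the reader even if ReadToEnd throws, so the
            // undisposed-resource warning is fixed rather than suppressed.
            using (StreamReader reader = new StreamReader(path))
            {
                contents = reader.ReadToEnd();
                return true;
            }
        }
        catch (Exception ex)
        {
            Console.Error.WriteLine("Load failed: " + ex.Message);
            contents = null;
            return false;
        }
    }

    public static void Main()
    {
        string text;
        // Constructed sample input: a path that is expected not to exist.
        bool ok = TryLoad("does-not-exist.txt", out text);
        Console.WriteLine(ok ? "loaded" : "not loaded");
    }
}
```

Keeping the Justification text filled in means each suppression can be reviewed later, which matters most for rules in the Security category.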

I have found tools like these to be most useful when you are hitting a wall about how to redesign or extend your application. This provides an impartial look at your code to ensure you are developing with the Design Guidelines in mind. Of course, a tool like this is also useful when you want to clean up a poorly maintained library as well!
