Managed Code Analysis Tools

Jeff Atwood

06 Sep 2005 — 2 min read — Comments

Navigating a new codebase can feel like like landing on an alien planet. That's where static code analysis tools come in handy; they're akin to software tricorders. They provide a general snapshot of unfamiliar code: Is it normal? Is it unusual? Is it dangerous?*

Classic Star Trek Tricorder

There's an element of "correctness" associated with static code analysis, but I think this should be de-emphasized. The last thing developers want is a Code Nazi peering over their shoulder. I prefer to think of these tools as software tricorders, collecting a bunch of recommendations and metrics about our code. What we choose to do with that data is up to us.

The most famous static code analysis tool for .NET is, of course, Microsoft's FxCop. If you haven't tried FxCop in a while, I recommend running the latest version across one of your compiled assemblies. You'd be surprised how helpful it is, particularly for identifying unused variables and functions. You may also be surprised how annoying some of the rules are; that's why the entire list of rules can be selectively enabled or disabled and saved as profiles. You can even write your own custom FxCop rules-- how about a custom rule that requires XML documentation for each assembly, as illustrated in this June 2004 MSDN article?

FxCop is currently a standalone .exe in an informal GotDotNet workspace, but in Visual Studio 2005, it's an integrated part of the build process. You can enable output from the console version of FxCop by ticking the checkbox on the Code Analysis tab of the project properties. Any FxCop warnings or errors then show up as you would expect in the standard Task List tab.**

There's at least one commercial tool that also does .NET static code analysis, namely FMS Total .NET Analyzer. I tried the evaluation version which is limited to identifying only one issue for each category. It's nice enough, but it also seems to overlap quite a bit with FxCop. And it's pricey.

In addition to those well-known tools, Raymond Lewallen and Robin Curry found some additional lesser known managed code analysis tools:

Reflector.CodeMetrics (an add-in for the essential Reflector)
DevMetrics ($)
NDepend
Complexity Analyzer ($)
CCMetrics
CRPlugin (plugin for DxCore)
Source Monitor
vil

I've heard good things about NDepends in particular, but I haven't had a chance to check it out yet.

* Don't bother if you're wearing a red shirt. In classic Trek fashion, you may not be around long enough to care.
** at least in VS.NET 2005 beta 2, you can.

Complaint-Driven Development

If I haven’t blogged much in the last year, it’s because we’ve been busy building that civilized discourse construction kit thing I talked about. (Yes, that’s actually the name of the company. This is what happens when you put me in charge of naming things. Pinball

The Rule of Three

Every programmer ever born thinks whatever idea just popped out of their head into their editor is the most generalized, most flexible, most one-size-fits all solution that has ever been conceived. We think we've built software that is a general purpose solution to some set of problems, but

Today is Goof Off at Work Day

When you're hired at Google, you only have to do the job you were hired for 80% of the time. The other 20% of the time, you can work on whatever you like – provided it advances Google in some way. At least, that's the theory. Google&

Coding Horror: The Book

If I had to make a list of the top 10 things I've done in my life that I regret, "writing a book" would definitely be on it. I took on the book project mostly because it was an opportunity to work with a few friends

Recent Posts

Stay Gold, America

We are at an unprecedented point in American history, and I'm concerned we may lose sight of the American Dream.

The Great Filter Comes For Us All

With a 13 billion year head start on evolution, why haven’t any other forms of life in the universe contacted us by now? (Arrival is a fantastic movie. Watch it, but don’t stop there – read the Story of Your Life novella it was based on for so much

I Fight For The Users

If you haven’t been able to keep up with my blistering pace of one blog post per year, I don’t blame you. There’s a lot going on right now. It’s a busy time. But let’s pause and take a moment to celebrate that Elon Musk

The 2030 Self-Driving Car Bet

It’s my honor to announce that John Carmack and I have initiated a friendly bet of $10,000* to the 501(c)(3) charity of the winner’s choice: By January 1st, 2030, completely autonomous self-driving cars meeting SAE J3016 level 5 will be commercially available for passenger use

Related posts

Recent Posts