Managed Code Analysis Tools

Jeff Atwood

Jeff Atwood

2 min read Comments

Navigating a new codebase can feel like like landing on an alien planet. That's where static code analysis tools come in handy; they're akin to software tricorders. They provide a general snapshot of unfamiliar code: Is it normal? Is it unusual? Is it dangerous?*

Classic Star Trek Tricorder

There's an element of "correctness" associated with static code analysis, but I think this should be de-emphasized. The last thing developers want is a Code Nazi peering over their shoulder. I prefer to think of these tools as software tricorders, collecting a bunch of recommendations and metrics about our code. What we choose to do with that data is up to us.

The most famous static code analysis tool for .NET is, of course, Microsoft's FxCop. If you haven't tried FxCop in a while, I recommend running the latest version across one of your compiled assemblies. You'd be surprised how helpful it is, particularly for identifying unused variables and functions. You may also be surprised how annoying some of the rules are; that's why the entire list of rules can be selectively enabled or disabled and saved as profiles. You can even write your own custom FxCop rules-- how about a custom rule that requires XML documentation for each assembly, as illustrated in this June 2004 MSDN article?

FxCop is currently a standalone .exe in an informal GotDotNet workspace, but in Visual Studio 2005, it's an integrated part of the build process. You can enable output from the console version of FxCop by ticking the checkbox on the Code Analysis tab of the project properties. Any FxCop warnings or errors then show up as you would expect in the standard Task List tab.**

There's at least one commercial tool that also does .NET static code analysis, namely FMS Total .NET Analyzer. I tried the evaluation version which is limited to identifying only one issue for each category. It's nice enough, but it also seems to overlap quite a bit with FxCop. And it's pricey.

In addition to those well-known tools, Raymond Lewallen and Robin Curry found some additional lesser known managed code analysis tools:

I've heard good things about NDepends in particular, but I haven't had a chance to check it out yet.

* Don't bother if you're wearing a red shirt. In classic Trek fashion, you may not be around long enough to care.
** at least in VS.NET 2005 beta 2, you can.

Read more

Stay Gold, America

We are at an unprecedented point in American history, and I'm concerned we may lose sight of the American Dream.

By Jeff Atwood · · Comments

The Great Filter Comes For Us All

With a 13 billion year head start on evolution, why haven't any other forms of life in the universe contacted us by now? (Arrival is a fantastic movie. Watch it, but don't stop there - read the Story of Your Life novella it was based on

By Jeff Atwood · · Comments

I Fight For The Users

If you haven't been able to keep up with my blistering pace of one blog post per year, I don't blame you. There's a lot going on right now. It's a busy time. But let's pause and take a moment

By Jeff Atwood · · Comments

The 2030 Self-Driving Car Bet

It's my honor to announce that John Carmack and I have initiated a friendly bet of $10,000* to the 501(c)(3) charity of the winner’s choice: By January 1st, 2030, completely autonomous self-driving cars meeting SAE J3016 level 5 will be commercially available for passenger

By Jeff Atwood · · Comments