
Using Code Analysis to Analyse Your Code Quality

Improve team code quality with Code Analysis


Code Analysis provides information about managed assemblies, such as violations of the programming and design rules set forth in the Microsoft .NET Framework Design Guidelines. Warning messages identify any relevant programming and design issues and, where possible, supply information about how to resolve them.

You can use the code analysis tools in Visual Studio to discover potential issues in your code, such as non-secure data access, usage violations, and design problems. The Code Analysis window is available in all editions of Visual Studio 2013.

Code Analysis is a static analysis tool which searches for common patterns which may indicate that something is wrong in the source code. For example, if an instance of a class which implements IDisposable is not disposed of properly, Code Analysis will emit a warning:

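    private void DoSomething()
    {
        // The connection is created but never disposed, so Code Analysis
        // warns here (CA2000: Dispose objects before losing scope).
        var connection = new SqlConnection(...);
        this.ChangeSomeData(connection);
    }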

This is the correct implementation of the previous piece of code:

    private void DoSomething()
    {
        // The using statement disposes the connection when the block exits,
        // even if ChangeSomeData throws.
        using (var connection = new SqlConnection(...))
        {
            this.ChangeSomeData(connection);
        }
    }

Code Analysis is intended to find patterns which are cumbersome or simply boring to find manually. For instance, in the previous example, it would be tedious for a developer to check whether each class they use implements IDisposable, or to remember every .NET Framework class which implements it.

Although it is subject to false positives, it is usually beneficial to target zero warnings for business-critical code without using suppressions. Within Visual Studio, Code Analysis can be configured to run at compile-time; if project settings also specify that warnings should be treated as errors, violations of Code Analysis rules won't go unnoticed.

Since static analysis can take some time for medium or large projects, it is often a good idea to move it from developers' machines to the TFS build server. While running Code Analysis during pre-commit is not a good idea (unlike StyleCop), it can still run as part of the build and fail the build if warnings are found.

For non-business-critical code, Code Analysis may be run manually from Visual Studio or from the command line. The checks and warnings can be fine-tuned in the project properties to suit your needs. For instance, globalization warnings can be turned off if your project is not intended to be localized.
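As an added illustration (not part of the original post), here is a custom rule set that applies the tuning described above: globalization rules are switched off for a project that will not be localized, while the disposal and SQL review rules are raised to errors. The file name Project.ruleset and the choice of rules are assumptions made for the example.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!--
  Project.ruleset (hypothetical file name), saved next to the .csproj.
  To run it on every build and fail on violations, the project file
  would set these MSBuild properties:
    RunCodeAnalysis = true
    CodeAnalysisRuleSet = Project.ruleset
    CodeAnalysisTreatWarningsAsErrors = true
-->
<RuleSet Name="Project rules"
         Description="All rules, minus globalization, with key rules as errors"
         ToolsVersion="12.0">

  <!-- Start from the built-in "Microsoft All Rules" set. -->
  <Include Path="allrules.ruleset" Action="Default" />

  <Rules AnalyzerId="Microsoft.Analyzers.ManagedCodeAnalysis"
         RuleNamespace="Microsoft.Rules.Managed">

    <!-- Always fail the build on these, even if warnings are tolerated. -->
    <!-- CA2000: Dispose objects before losing scope -->
    <Rule Id="CA2000" Action="Error" />
    <!-- CA2100: Review SQL queries for security vulnerabilities -->
    <Rule Id="CA2100" Action="Error" />

    <!-- Globalization rules, disabled because the project is not localized. -->
    <!-- CA1303: Do not pass literals as localized parameters -->
    <Rule Id="CA1303" Action="None" />
    <!-- CA1304: Specify CultureInfo -->
    <Rule Id="CA1304" Action="None" />
    <!-- CA1305: Specify IFormatProvider -->
    <Rule Id="CA1305" Action="None" />
  </Rules>
</RuleSet>
```

Keeping the rule set in source control means the build server and every developer machine apply the same rules, and turning off a rule here is visible in review, unlike scattered in-code suppressions.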

As with StyleCop, it is essential to decide whether the project will target zero warnings from Code Analysis from the beginning of the project. Introducing it in an existing project may be too painful.

Last updated on: Sunday 20th August 2017
