Being Smart about FxCop


style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">I love FxCop…. If you have not seen
it you should totally go check it
out
… Like all great developer tools it started its life because a developer
had a focused problem he needed to solve. 
One of the lead developers on the then newly formed
. style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">NET style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"> Framework team was responsible for
a large number of APIs in the framework. 
He (and a bunch of others) had just gotten though helping me put together
the first pass of the . href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/html/cpconnetframeworkdesignguidelines.asp">NET
Framework Design Guidelines Specification. style="mso-spacerun: yes">  Oh the hours we spent discussing naming
conventions etc…  Anyway, he now
needed to make his APIs conform to the guidelines. style="mso-spacerun: yes">  So like any good developer he saw the
need for a tool.  So over the
weekend he busted out the first version of FxCop… It was a cmdline tool that
checked a handful API design issues. 


style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Soon the
. style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">NET style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"> Framework Group Program Manager (my
boss at the time) picked the tool up, made it extensible and added more rules,
then I hacked on it a bit, then 
style="mso-spacerun: yes">  style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Krzysztof style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"> style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Cwalina style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"> added a GUI and finally we got real
dev resources when style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Michael style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"> style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Fanning style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"> picked the tool up and made it
real.  


style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"> 


style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">But now the real reason I post… The
tool has served us well and has caught a number of good issues in the Framework…
but I have on issue with the way people use it. style="mso-spacerun: yes">  There is just something deep within
developers that want to fix every single issue, even if they *KNOW* good
and well it is a false positive… Maybe it is from years of using lint type
programs but that model doesn’t work here. 
FxCop is primarily an style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">API style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"> design tool… it is an aid to a
educated style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">API style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"> designer… It provides hints and
suggestions but, design guidelines are subjective by nature and so are many of
FxCop rules.  They need to be
understood, considered in context not just blindly fixed. style="mso-spacerun: yes">  I guarantee if you just blindly fix all
issues FxCop raises your style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">API style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"> will be style="mso-bidi-font-style: normal">worse than if you do nothing. style="mso-spacerun: yes">  An example… We have a rule that
encourage use of properties rather than methods for “Get” accessors. Now the DG
goes on for pages about exactly how to make this call, but most of those rules
are subject and therefore hard to FxCop to catch. style="mso-spacerun: yes">  style="mso-spacerun: yes">  style="mso-spacerun: yes">  So, for example FxCop complains
about the style="FONT-SIZE: 10pt; FONT-FAMILY: Courier; mso-bidi-font-family: Arial">public
style="FONT-SIZE: 10pt; FONT-FAMILY: Courier; mso-bidi-font-family: Arial">Guid style="FONT-SIZE: 10pt; FONT-FAMILY: Courier; mso-bidi-font-family: Arial">
style="FONT-SIZE: 10pt; FONT-FAMILY: Courier; mso-bidi-font-family: Arial">GetNext
style="FONT-SIZE: 10pt; FONT-FAMILY: Courier; mso-bidi-font-family: Arial">() style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"> method we have the Guid class which
generates a guid close in sort order to the current guid (which isn’t truly
unique I’d guess, but helpful for debugging)… FxCop suggests making this a Next
property… now, does that make sense? 
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial; mso-ansi-language: PT-BR">No…
Guid’s don’t have a
logical backing store for “Next”… it is purely computational and therefore a
method is better. style="mso-spacerun: yes"> 


style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">As FxCop has grown out of purely the
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">API style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"> space, there are indeed violations
you should always fix… for example we now catch places where CultureInfo should
be passed to string comparison routines to avoid a bizarre security bug having
to do with code points such as the Turkish I…. (the issue href="http://research.microsoft.com/collaboration/university/europe/events/dotnetcc/version4/Slides/leblanc2.ppt">is
described here on slide 24 in general)


style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"> 


style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Have fun with FxCop, but keep your
thinking caps on… that is why they pay you the big bucks
right??


 

Comments (3)

  1. Yosi Taguri says:

    hi,
    the last link to the slides is not working , could you fix it?

  2. theCoach says:

    hmmm…in your example, I might prefer that the semantics of ‘Get’ be used for properties, whereas a method call like GenerateNext() might be a better name. I am sure that there are good examples of what you are talking about, but IMHO, in this case you can come up with a better name.
    I have not yet downloaded this version, but I have always imagined that a tool like this should be hooked up to the Word dictionary, check for proper-casing and then make a Word bag of all of the terms that are used – generating possible synonyms and some common best practice mappings to some words. The word bag could also be generated form a client write ups, and give hints in creating new type names. Just a thought.

  3. Brad Abrams says:

    Sorry about the bad link, I fixed it…

    OK, ok not a great example… let me think on it more.