Ask Learn
Preview
Ask Learn is an AI assistant that can answer questions, clarify concepts, and define terms using trusted Microsoft documentation.
Please sign in to use Ask Learn.
Sign inThis browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
In this post I'll illustrate in details the following points
Static Code Analysis feature of Visual Studio performs static code analysis on code to help developers identify potential design, globalization, interoperability, performance, security, and a lot of other categories of potential problems according to Microsoft's rules that mainly targets best practices in writing code, and there is a large set of those rules included with Visual Studio grouped into different categorized targeting specific coding issues like security, design, Interoperability, globalizations and others.
Static here means analyzing the source code without executing it and this type of analysis can be performed through automated tools (like Visual Studio 2013 Code Analysis Tool) or manually through Code Review which already supported in Visual Studio 2012 and 2013 (check Using Code Review to Improve Quality video on Channel9)
There is also Dynamic analysis which performed on executing programs using software testing techniques such as Code Coverage for example.
Running Code analysis tool at regular intervals during your development process can enhance the quality of your software, examines your code for a set of common defects and violations is always a good programming practice.
Adding that Code analysis can also find defects in your code that are difficult to discover through testing allowing you to achieve first level quality gate for you application during development phase before you release it to the testing team.
Code Analysis can be run manually at any time from within the Visual Studio IDE, or even setup to automatically run as part of a Team Build or check-in policy for Team Foundation Server.
Run Code Analysis Manually
Run Code Analysis Automatically
Run Code Analysis while check-in source code to TFS version control (TFSVC)
Check Code analysis rule set reference on MSDN
Run Code Analysis as part of Team Build
Now after you went through Code Analysis configurations and the different ways of running it, we will go through the Code Analysis result how to understand them and how to resolve them.
Code Analysis window in Visual Studio will show all the analysis results based on the rule sets you configured in the project file properties, let's dig deep into what each result item contains:
1 |
Check ID |
The unique identifier for the rule. CheckId and Category are used for in-source suppression of a warning. |
2 |
Title |
The title of warning message |
3 |
Description |
A description of the problem or suggested fix |
4 |
File Name |
File name and the line of code number which violate the code analysis rule set |
5 |
Category |
The code analysis category for this error |
6 |
Warning /Error |
Depend on how you configure it in the rule set the default is Warning level |
7 |
Action |
Copy: copy the warning information to the clipboard Create Work Item: If you're connected to Team Foundation Server you can create a work item most probably you may create a Task or Bug and assign it for a developer to fix certain code analysis warning Suppress Message: There are times when you might decide not to fix a code analysis warning. You might decide that resolving the warning requires too much recoding in relation to the probability that the issue will arise in any real-world implementation of your code. Or you might believe that the analysis that is used in the warning is inappropriate for the particular context. You can suppress individual warnings so that they no longer appear in the Code Analysis window. Two options available: In Source inserts a SuppressMessage attribute in the source file above the method that generated the warning. This makes the suppression more discoverable. In Suppression File adds a SuppressMessage attribute to the GlobalSuppressions.cs file of the project. This can make the management of suppressions easier. Note that the SuppressMessage attribute added to GlobalSuppression.cs also targets the method that generated the warning. It does not suppress the warning globally. |
Visual Studio makes it very easy to fix Code analysis warning, all you have to do is clicking on the Check Id hyperlink if you are not aware how to fix the warring and you'll be directed to MSDN online or local copy based on the configuration you did while installing Visual Studio and you will find all the information about the warring including how to fix it.
Anonymous
October 25, 2013
Thanks Hosam for the detailed article, one question, is there an analysis part of VS Static Code Analysis that sans for dead code, in other word methods or classes that is not referenced, css/js dead clases/links, js functions that is not used?
Anonymous
October 25, 2013
@Adel Thanks for raising this point will update the post to include some information about that and for you questions yes you can use code analysis to detect the following types of dead code, you can simply run the "All Microsoft Rules" or simply create a custom Rule set with the following check Ids
•Private methods that are not called from any other code (CA1811)
•Unused local variables (CA1804)
•Unused private fields (CA1823)
•Unused parameters (CA1801)
•Internal classes that are not instantiated from any other code (CA1812)
As for the JavaScript we released a feature to analyze JavaScript code but for Windows Store Apps only (blogs.msdn.com/.../using-visual-studio-s-javascript-memory-analysis-tool-to-find-memory-leaks-on-your-windows-8-javascript-app.aspx) I believe JSLint is still the tool for that since Visual Studio Code analyzer can scan only .NET framework code and native (C and C++)
Anonymous
October 26, 2013
Much appreciated
Anonymous
February 25, 2014
Thanks for your article. is there a tool to display charts of analysis history ? or something like easy UI to check more frequent transgression rules, overall complexity..etc. ? something like SonarQube for instance ?
Anonymous
April 16, 2014
This is a great article. In MSDN it is one of the few that I have seen which also adds a references section. While most are findable within MSDN itself, the notable mention is the ACM article reference. Even though it will not add to your knowledge of static analysis within Visual Studio, it broadens the understanding of how these tools are constructed, their limitations, and what to expect from them. It is a nice read by itself.
Anonymous
April 23, 2014
Is there any plans to extend dead code analysis to also include public methods and fields by doing a cross project analysis within a solution? I inherited maintenance of code where the author liked to create many small cross-referenced projects with class and methods being public by default. Unfortunately, static code analysis does not help me find dead code in this situation.
Anonymous
May 05, 2014
This is a useful article, thanks Hosam. My team are looking to implement our own custom rules (not just custom rule sets, but specific rules which may not already be available in the Microsoft sets). This article is the closest I can find, but it's 4 years old now:
blogs.msdn.com/.../how-to-write-custom-static-code-analysis-rules-and-integrate-them-into-visual-studio-2010.aspx
I'd like to stick to using Code Analysis because of the IDE/TFS integration, but I can find no formal documentation on how to do this, can you offer any advice?
Anonymous
July 23, 2014
My question is if we are planning to perform the cleanup using Code Analysis feature. We cannot do this in one go since we are having very large number of projects(95). Out of which many of them are part of different solutions, I mean common libraries. Is there any chance that if I apply rules against one solution will broke other solutions.
Simple question is " Does all the analysis Rules make sure those are only DLL level warnings are generated? "
Anonymous
July 25, 2014
The comment has been removed
Anonymous
August 06, 2014
I have the same question as Sandip. We got a solution comprising of many projects and we need to do a feel of how the whole solution is doing. For example there could be public methods/properties of low level projects (Services etc...) which are not used by the front end and thus can be cleaned up. Wondering whether VS 2013 analysis can solve it in anyway.
Anonymous
August 16, 2014
I am using VS2013. I ran code analysis with security rules on my web project. But it did not show issues in config file such as
Anonymous
December 28, 2014
Thanks for article, I have one question can we do impact analysis by using this tool?
For example I have one project in that there is one integer variable now my requirement is to change that integer variable to long
So I have to generate report which contains how many fields or variable will affect? How many files I have to recompile again?
Anonymous
September 21, 2015
Hello
Thanks for the article it is too much informative, i have one question can we get the Log files regarding this that when we run this code analyzer and its details.
Thank you
Yogesh
Anonymous
October 13, 2015
Hi, I'm using VS Express 2013. When I run code analysis on my current project I get just 5 issues listed but if I examine the xml files generated by the code analysis tool, they contain many more issues - how do I get these to show up in the main code analysis window?
Anonymous
April 29, 2016
The comment has been removed
Anonymous
April 08, 2018
Thank you for sharing such valuable information with us.It is going to help me a lot,thanks for telling what is the important of static code.Can you tell me how i can use this for different programming language to rectify bugs?Waiting for your reply..!
Ask Learn is an AI assistant that can answer questions, clarify concepts, and define terms using trusted Microsoft documentation.
Please sign in to use Ask Learn.
Sign in