Code Analysis Features in VS 2008

In Visual Studio 2005, we integrated a couple of internal static analysis tools - FxCop and PREfast into the product under the names Managed Code Analysis and C/C++ Code Analysis.  This helped customers write secure and quality code for managed and native platforms using the same tools that we had been using internally for years.  This is part of our philosophy of "ship what we use and use what we ship".

For Visual Studio 2008, the Code Analysis team has added some new features that I wanted to talk about today.

Code Metrics - This is a new tool window that allows you to not only get an overall view of the health (code-wise) of your application, but also gives you the ability to dig deep to find those un-maintainable and complex hotspots.  For Visual Studio 2008, Code Metrics will ship with five metrics - Cyclomatic Complexity, Depth of Inheritance, Class Coupling, Lines of Code and Maintainability Index.  The Code Analysis team has a couple of posts describing the new feature, here and here.

Code Analysis Policy improvements - Code Analysis Policy provides the ability to ensure that Code Analysis is run before every check-in.  Based on feedback from customers, the team made a few usability improvements, including better guidance and providing more control over how settings are applied from the policy to projects.

Analysis improvements - A number of improvements were made around analysis:

-          Support for analyzing anonymous methods and lambda expressions

-          Reduced noise in existing analysis and the ability to skip over tool generated code

-          New analysis, including additional rules around security, globalization, maintainability and spelling (including custom dictionary support)

-          Better support for C++/CLI and the Compact Framework

-          Performance improvements that cut analysis time over managed code by 2x, and used half as much memory than in Visual Studio 2005.

Better suppression support - Code Analysis supports suppressing an instance of a warning by right-clicking on it in the Error List and choosing Suppress Message.  This support has been extended for Visual Studio 2008, giving more control over whether a suppression applied in-source or in a separate project suppression file.  The underlying suppression format has also changed to support generic methods, C++ boxed value types and special type modifiers, such as C++s const.



Comments (26)

  1. Steve says:

    You should clarify that code analysis is only available for the Team System versions of 2005 (and 2008 I presume?).  

    It’s unfortunate that Code Analysis/FxCop features are no longer available to the many developers who want to deliver the highest quality code, but don’t have the budget for team system.

  2. Mike Glass says:

    Microsoft has provided FxCop to the development community via the website GotDotNet. We are in the process of moving FxCop to where we will continue to make it available to the developers. I expect FxCop to reappear on MSDN in the tools section within two weeks. FxCop is also in the Windows SDK.

  3. Soma’s writing a series of blog posts on VS2008 features in anticipation of our coming release. As part

  4. Soma's writing a series of blog posts on VS2008 features in anticipation of our coming release. As

  5. Достаточно интересный обзор с линками и коментариями касающийся следующих аспектов: Code Metrics Code

  6. via Soma Back in the days of fxCop, (before we had to pay for code analysis in Team Developer) if you

  7. Gavin Greig says:

    Does the "better support for … Compact Framework" include support for the use of Suppress Message attributes in Compact Framework code? This has been a frustration for us that I haven’t seen directly addressed anywhere.

  8. Ian Ringrose says:

    If this be in the normal versions of Visual Studio 2008 or just the Team System versions?

    I would hope the professional version of Visual Studio 2008 included all these tool BUT only the Teem System Versions will let a manager force the programmers to use them.  

    E.g. professional version == all tools for professionals

    teem system version == can force none professionals to use the tools  (professional will choose to use them anyway)

  9. davkean says:

    Gavin: SuppressMessageAttribute is now present in Compact Framework 2.0 and 3.5 (the only versions supported by Visual Studio 2008). Better support also means smarter rules that do not fire when they are not applicable.

  10. Larry says:

    Is there any work being done to make downlevel versions of Visual Studio work better under Vista?

    Is there any work being done to work with cross platform libraries to compile cleanly under VS2008 out of the box? Several (Xerces and ICU stick out in my mind) don’t  even compile under VS2005.

  11. davkean says:

    Steve: We’ve actually just released a beta of FxCop 1.36. See for more information.

  12. Somasegar’s WebLog has a entry on VC++ Performance Improvements in VS 2008 . A couple of days ago he

  13. Please Let us know that Code analysis feature will be Vs2008 team suite edition only or is provided in any other edition of VS2008 like standard or professional ?

    As in VS2005 it is only integrated in the team suite edition

  14. conorm says:

    Just to clarify.  The code analysis features in Visual Studio Team System are available in the Team Developer SKU and the Team Suite SKU (naturally).  The other SKUs do not have this feature.

    Microsoft continues to offer FxCop as a free standalone tool that performs many (but not all) of the same checks as visual studio team system.  This is available for download from MSDN.  To keep up to date with code analysis check out the blog: – we will soon be posting information on which rules are available in which versions of Visual Studio and FxCop.

  15. Steve Chadwick says:

    Is there a way to extract these metrics via the commandline?  If so, can you share some examples?  I would like to hit the project as part of the build process and log some of the metrics in a database for historical purposes.  I see references to commandline availability, but no examples.


    Steve Chadwick

  16. conorm says:

    Steve: Unfortunately, at this time we don’t provide the ability to gather the metrics via the command line (and thus integrate with the build process).  I posted more info about this current limitation in the code analysis blog here:

    This is a much asked for feature and we are considering it for a future release.  I will make sure we blog about it when we solidify our plans.



  17. Andy Sicignano says:

    Should code analysis be packaged with VSTS Database Edition? I’m not seeing it.



  18. Somasegar says:

    Thanks for the feedback Andy.  I know that the team is looking at this.


  19. Antes de apagar la máquina (o me corten el internet pues dicen que debo dormir, lo cual no comprendo

  20. KenM says:

    Can someone please clarify what code analysis tools are available for unmanaged C++?  For instance, static analysis, metrics, style, etc.

    What is the minimum MSDN subscription level they come with?



  21. jeffrey25 says:

    any plans by Microsoft to include Code Metrics as part of Professional Edition down the line….???

    looks like a really good utility and would be great to have inside Visual Studio Professional edition

  22. jeffrey25 says:

    any plans by Microsoft to include Code Metrics as part of Professional Edition down the line….???

    looks like a really good utility and would be great to have inside Visual Studio Professional edition



Skip to main content