Static Code Analysis – Understanding the Predefined Rules

  • Article

SKU: Premium, Ultimate

Versions: 2010

Code: vstipTool0140

 

 

In vstipTool139 (“Static Code Analysis – Simple Code Analysis”) we scratched the surface of code analysis for a simple class. Now we will begin to delve deeper into the extensive set of predefined rules available out-of-the-box in Visual Studio. In these examples I will be using Visual Studio 2010 however most of the rules exist in Visual Studio 2008 as well. To see the list of the differences in rules read this article from the Code Analysis Team blog:

https://blogs.msdn.com/b/codeanalysis/archive/2010/03/22/what-s-new-in-code-analysis-for-visual-studio-2010.aspx

 

The biggest difference between Visual Studio 2008 and 2010 is the creation and management of rule sets which is why I have the version set to 2010 only. The new way to manage rules makes it very easy to work with existing rules in a multitude of ways. Also, I am limiting myself to managed code rules for these examples but the same techniques apply to unmanaged code rules as well. Without further ado, let’s explore some of the ways we can work with predefined rules.

 

First, create a new class library project in C# or VB then go to the project properties. Click on the Code Analysis tab inside the project properties. You should see the following:

image

 

 

The first choice you are faced with is which set of predefined rules to use. By default the Microsoft Minimum Recommended Rules will be applied however if you click on the dropdown list for the rule sets you will see many more options to choose from:

image

 

 

This table lays out the names and general purpose of each of the available managed predefined rule sets:

Rule Set

Description

Microsoft All Rules

This rule set contains all rules. If you run this rule set, a large number of warnings might be reported. Use this rule set to get a comprehensive picture of all issues in your code. This approach can help you decide which of the more focused rule sets are most appropriate to run for your projects.

Microsoft Basic Correctness Rules

These rules focus on logic errors and common mistakes made in the usage of framework APIs. Include this rule set to expand on the list of warnings that the minimum recommended rules report.

Microsoft Basic Design Guideline Rules

These rules focus on enforcing best practices to make your code easy to understand and use. Include this rule set if your project includes library code or if you want to enforce best practices for easily maintainable code.

Microsoft Extended Correctness Rules

These rules expand on the basic correctness rules to maximize the number of logic and framework usage errors that are reported. These rules emphasize specific scenarios such as COM interoperability and mobile applications. Consider including this rule set if one of these scenarios applies to your project or to find additional problems in your project.

Microsoft Extended Design Guideline Rules

These rules expand on the basic design guideline rules to maximize the number of usability and maintainability issues that are reported. These rules emphasize naming guidelines. Consider including this rule set if your project includes library code or if you want to enforce the highest standards for writing maintainable code.

Microsoft Globalization Rules

These rules focus on problems that prevent data in your application from appearing correctly in different languages, locales, and cultures. Include this rule set if your application is localized, globalized or both.

Microsoft Minimum Recommended Rules

These rules focus on the most critical problems in your code, including potential security holes, application crashes, and other important logic and design errors. You should include this rule set in any custom rule set that you create for your projects.

Microsoft Security Rules

This rule set contains all Microsoft security rules. Include this rule set to maximize the number of potential security issues that are reported.

Note: You can find this table in the documentation at https://msdn.microsoft.com/en-us/library/dd264925(VS.100).aspx

 

 

At a high level the rules deal with correctness, design, globalization, and security issues. Since we are creating a class library it might make sense for us to use the design guidelines based on the description. Pick the Microsoft Extended Design Guideline Rules for our project then click the Open button so we can explore the details:

image

 

NOTE: Keep one thing in mind as you explore these rules: there is no “one size fits all” solution. Your final rule set will almost always consist of several other rules that you feel are best for your needs.

 

 

We’ll get to the inner workings of this editor in a later post but, for now, focus on the ID column. Take note of the various categories we can expand to get details. Below is a list of these categories and what they represent:

Category

Description

Design Warnings

Warnings that support correct library design as specified by the .NET Framework Design Guidelines.

Globalization Warnings

Warnings that support world-ready libraries and applications.

Interoperability Warnings

Warnings that support interaction with COM clients.

Maintainability Warnings

Warnings that support library and application maintenance.

Mobility Warnings

Warnings that support efficient power usage.

Naming Warnings

Warnings that support adherence to the naming conventions of the .NET Framework Design Guidelines.

Performance Warnings

Warnings that support high-performance libraries and applications.

Portability Warnings

Warnings that support portability across different platforms.

Reliability Warnings

Warnings that support library and application reliability, such as correct memory and thread usage.

Security Warnings

Warnings that support safer libraries and applications.

Usage Warnings

Warnings that support appropriate usage of the .NET Framework.

Note: You can find this table in the documentation at https://msdn.microsoft.com/en-us/library/ee1hzekz.aspx

 

 

The number of rules you deal with in each category depends on the rule set you have chosen. For example, the extended design rule set has about 60 design rules, 2 globalization rules, and 7 interoperability rules among the other rules in this set:

image

 

 

By now you have no doubt noticed the warning just below the toolbar in this editor. You are just exploring the rules for now but when we modify the rules in a later tip you will have to save your changes to a new rule set file. Don’t be intimidated by rule set files, they are just XML files. Here is a piece of the extended design rule set in Notepad:

image

 

 

Back in our rule set editor, expand the Microsoft.Design category and select rule CA1044:

image

 

 

The first time you select a rule, you will be presented with this choice at the bottom of the rule set editor:

image

 

 

I suggest leaving the default settings and then click the OK button. When you do, you will then see the help entry for the rule you are currently looking at:

image

 

At this point we have gone from understanding the basic function of the predefined rule sets to understanding the categories of the rules in a set to understanding individual rules. From here you can explore the different rule sets and each of the rules in those sets to determine what rules may be interesting to you going forward. We will learn more about navigating these rule sets in the next tip.