Navigating a new codebase can feel like like landing on an alien planet. That's where static code analysis tools come in handy; they're akin to software tricorders. They provide a general snapshot of unfamiliar code: Is it normal? Is it unusual? Is it dangerous?*
This is a companion discussion topic for the original blog entry at: http://www.codinghorror.com/blog/2005/09/managed-code-analysis-tools.html
I can’t resist adding DevPartner SecurityChecker to the above list. While it doesn’t cover everything FxCop does, I think it does a much better job on the security front… I’m a little biased though.
I also like NDepend.
The FxCop article you linked to is a good place to start looking at FxCop, but there are a number of more fleshed out articles/sample rules using the introspection engine available.
there are a number of more fleshed out articles/sample rules using the introspection engine available
It’s helpful to provide links
Thanks for the pointers Raymond. Robin’s blog has some excellent info, and I have linked it in the original post!
I can’t resist adding DevPartner SecurityChecker to the above list.
Interesting. We use FxCop mostly for security audits internally… here’s an overview/review of SecurityChecker
I really like NDepend. Back in July, I held an XP seminar/workshop where part of my “simplicity” discussion I discussed analyzing and using code metrics to create and maintain simple code. One attendee, Robin Curry, was apparently excited by what I had to say and really took off on his own into using code metrics. He’s even put up quite a few posts on integrating code metric apps, such as NDepends, into the build process. Here is the post where he integrated NDepend into CruiseControl: http://www.robincurry.org/blog/CommentView,guid,3640af37-9a2c-441d-acf9-f79017123cb2.aspx
I just released NDepend 2.0 with some major enhancements such as an interactive view of your application and a language dedicated to query and constraint the structure of your code: Code Query Language.
Stumbled upon this old post again, and though I know I shouldn’t be adding anything…
Ndepend is neat, I am sure, but why does every little tool cost $300-$500 now? At least price the damn things less than Vista Ultimate.
Check out SemmleCode (http://semmle.com). It’s free, it’s object-oriented, and tightly integrated with Eclipse.
The object-oriented code query language .QL enables superior intellisense (and thus makes writing queries easier), it allows very concise expression of new code queries, and it make such queries easy to share and re-use.
Let us know what you think on the forums at http://semmle.com!
[disclosure: I’m a prof at Oxford working on static analysis tools and the CEO of Semmle]