Too many false positives when using FxCop

We use FxCop and it generates too many false positives for our liking. For example, if a private method is called using reflection, then this method is reported as potentially unused - clear, and we suppress this warning explicitly using the SuppressMessage attribute. However, FxCop reports the same warning for methods called by this method that we have already suppressed warnings about. This is stupid and makes too much noise.

There are also false reports of member variables used in these methods. In addition, there are problems with generic types (I even saw something about this in MS connect).

In any case, I wonder if anyone knows if Microsoft is going to update FxCop because it seems to be stuck in version 1.36 for a long time.

By the way, I don’t use StyleCop because it is too picky and we just don’t have time to study all zillion messages to suppress them all. Additionally, the StyleCop report seems to complement, not replace, FxCop.

Can anyone suggest a good alternative to FxCop?

We are using VS2008 pro.

Thanks.

+4
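The suppression pattern described in the question, as an added example that is not part of the original post. It assumes the "potentially unused" warning is CA1811 (AvoidUncalledPrivateCode); ReportJob, Run and LoadTemplate are hypothetical names.

```csharp
// Added example; ReportJob, Run and LoadTemplate are hypothetical names.
// SuppressMessage is [Conditional("CODE_ANALYSIS")]: without this symbol the
// compiler drops the attribute and the suppression never reaches the assembly.
#define CODE_ANALYSIS
using System;
using System.Diagnostics.CodeAnalysis;
using System.Reflection;

internal sealed class ReportJob
{
    // Reached only through reflection, so call-graph analysis sees no caller.
    [SuppressMessage("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode",
        Justification = "Invoked by name through reflection in Program.Main.")]
    private string Run(string name)
    {
        return LoadTemplate() + name;
    }

    // Called only from Run. The question reports that such callees are
    // flagged too, so this one carries its own suppression and justification.
    [SuppressMessage("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode",
        Justification = "Reached only via Run, which is invoked through reflection.")]
    private static string LoadTemplate()
    {
        return "Report: ";
    }
}

internal static class Program
{
    private static void Main()
    {
        ReportJob job = new ReportJob();
        MethodInfo run = typeof(ReportJob).GetMethod(
            "Run", BindingFlags.Instance | BindingFlags.NonPublic);
        if (run == null)
        {
            // Fail loudly if a rename breaks the string-based lookup.
            throw new MissingMethodException("ReportJob", "Run");
        }
        Console.WriteLine(run.Invoke(job, new object[] { "weekly" }));
    }
}
```

Filling in Justification on each suppression leaves a reviewable record of why the warning was silenced, which matters when the same rule later flags code that really is dead.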
4 answers

Look at Gendarme, it is very similar to FxCop, but from the Mono project.

"Gendarme is an extensible rule-based tool for finding problems in .NET applications and libraries. Gendarme checks programs and libraries that contain code in ECMA CIL format (Mono and .NET) and looks for common problems with the code, problems that the compiler usually does not check or did not check historically." - http://www.mono-project.com/Gendarme

+4

An alternative to FxCop is to use the NDepend tool, which allows you to write code rules as C# LINQ queries (namely CQLinq). Disclaimer: I am one of the developers of this tool.

By default, 200 code rules are suggested. Setting up existing rules or creating your own rules is straightforward because of the well-known C# LINQ syntax.

To keep the number of false positives low, CQLinq offers unique possibilities for defining what JustMyCode is, using special code queries with the prefix notmycode. More about this feature can be found here. Here, for example, are two of the default notmycode queries:

To keep the number of false positives low, CQLinq can also focus rule results only on code added or refactored since a defined baseline. See the following rule, which flags methods that are too complex and were added or refactored since the baseline:

// The parentheses matter: && binds tighter than ||, so without them
// every changed method would match regardless of its complexity.
warnif count > 0
from m in Methods
where m.CyclomaticComplexity > 20 &&
      (m.WasAdded() || m.CodeWasChanged())
select new { m, m.CyclomaticComplexity }

Finally, note that NDepend code rules can be checked live in Visual Studio and during the build process, in the generated HTML + JavaScript report.

+1

Visual Studio now uses Code Analysis instead - the built-in FxCop:

"Microsoft Visual Studio 2005 and Visual Studio 2008 Team System Development editions include 'Code Analysis', which is based on FxCop."

You can write custom rules in FxCop if it does not do what you want.

0

If you use the FxCop project file, you can disable the rules and rule groups. It's a little hard, but if certain rules cause problems or just don't apply, this is the way to go. And it saves you from having to comment on your code. It is worth considering each rule that generates results and deciding whether it applies to you or not.

For what it's worth, the FxCop team is working on an upgrade. I assume this takes some time, as the new code analysis engine is used.

0

Source: https://habr.com/ru/post/1311064/