This page is specific to Microsoft Visual Studio 2005/.NET Framework 2.0

Visual Studio Team System
Guidelines for Using Code Analysis Tools

The following list provides several guidelines to help you select and manage code analysis warnings.

Recommended

  • Review warning categories.

    Because code analysis tools perform extensive checks for code defects, it is useful to have a basic understanding of the different warnings. For more information about warning categories, see Code Analysis for Managed Code Warnings or Code Analysis for C/C++ Warnings.

  • Analyze existing code.

    Depending on your project type, resources, and requirements, choose the approach that best meets your needs.

    • Enable all warnings.

      Enable all the warnings and then review the warning list generated by the analysis tool to determine the warnings you want to enable.

    • Enable a subset of warnings.

      Review the warning categories to decide on a subset of warnings to use in your project, and enable only those warnings.

  • Analyze code under development.

    Because you are not dealing with existing code, we recommend that you enable all warnings and analyze code for defects throughout development. It is much easier to analyze and fix code as you develop it. Do not wait until the end of the development cycle to either analyze code or enable lots of warnings. This might put unnecessary pressure on team members and might jeopardize code security and stability.

  • Track warnings.

    After determining the warnings to use in your project, track them using work tracking features. For more information, see How to: Add New Work Items.

  • Fix warnings.

    There are several ways you can fix a warning:

    • Correct - fix the code and test it before checking it in.

    • Suppress - you can use the System.Diagnostics.CodeAnalysis.SuppressMessageAttribute attribute in managed code to suppress a warning caused by code at a particular location.

    • Disable - you can use the project property pages to disable warnings for all managed code. For C/C++, you can use a header file that lists all the warnings. Use this file to enable or disable warnings that are not required for your project.

    After the warning is fixed, change its status from warning to error. This helps keep your code clean.

  • Specify check-in requirement.

    You can set up a check-in policy that requires code analysis to be run before code is checked in. Only code that passes the analysis is allowed to be checked in. This helps make sure that the code that is checked in is clean. For more information about check-in policy, see Code Analysis Check-in Policies.
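
The "Correct" and "Suppress" options under "Fix warnings", shown side by side for managed code. This is an added example, not code from the original page: the class and method names are hypothetical, and it assumes the analyzer reported CA2233 (the overflow rule mentioned in the community content on this page) at the marked locations.

```csharp
using System;
using System.Diagnostics.CodeAnalysis;

// Hypothetical class, used only for this illustration.
public static class PacketMath
{
    private const int Capacity = 64;

    // Correct: validate the operands so the subtraction cannot wrap around.
    public static int RemainingBytes(int declaredLength, int headerLength)
    {
        if (headerLength < 0 || declaredLength < headerLength)
            throw new ArgumentOutOfRangeException("declaredLength");
        return declaredLength - headerLength;
    }

    // Correct (alternative): let the runtime trap the overflow instead of
    // silently wrapping; an out-of-range product throws OverflowException.
    public static int TotalBytes(int count, int size)
    {
        checked { return count * size; }
    }

    // Public entry point clamps the index before the private helper runs.
    public static int Advance(int index)
    {
        if (index < 0 || index >= Capacity)
            throw new ArgumentOutOfRangeException("index");
        return NextSlot(index);
    }

    // Suppress: assumed CA2233 report on "index + 1". The only caller has
    // already range-checked index, so the warning is suppressed at this one
    // location, with the reason recorded for reviewers.
    [SuppressMessage("Microsoft.Usage", "CA2233:OperationsShouldNotOverflow",
        Justification = "Advance() restricts index to 0..Capacity-1.")]
    private static int NextSlot(int index)
    {
        return (index + 1) % Capacity;
    }

    public static void Main()
    {
        Console.WriteLine(RemainingBytes(1500, 20));
        Console.WriteLine(Advance(Capacity - 1));
        try { TotalBytes(int.MaxValue, 2); }
        catch (OverflowException) { Console.WriteLine("overflow trapped"); }
    }
}
```

SuppressMessageAttribute is compiled into the assembly only when the CODE_ANALYSIS symbol is defined, so the suppression has no effect on builds that omit it.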

Community Content
Tremendous Feature!   Patrick Altman

This is a tremendous feature that will instantly help you to improve your code quality. It's almost like having the benefit of pair coding with the observer in this instance being the Code Analysis tools running its ruleset against your entire solution.

This feature is well worth the time getting to know and learning to use as part of your daily coding routine.

One example of what it found on some of my code that was buried deep within part of my framework many months ago was CA2233, telling me that I had a possible overflow condition.  Details of this can be found in my blog post at http://paltman.com/archive/2006/07/07/207.aspx.

Code Analysis Tool Helps a lot.   Coder24.com

Hello!

The Code Analysis tool helps a lot. It helped me when I started coding for the first time: there were no errors or warnings, and not even any messages, but when I turned on code analysis and started to debug once again, it showed me about 10 errors and 20 warnings, with security code errors, wrong buffers, and other syntax coding errors. But when I began to use the code analysis tool it began to help a lot, and I didn't need to think about security in my code.
Visit my website: http://www.coder24.com
By: Fisnik

Little Comparison to FxCop   Vaidyanathan Alagappan

I have worked on an ongoing project for the past two years, which has thousands of files. I cannot enable Code Analysis only for the new development. In other words, I cannot go class by class to suppress the Code Analysis. FxCop allows us to select the classes for which we need to have code analysis run. That may be the only disadvantage of the integrated Code Analysis Tool. I hope this is facilitated in the new versions of the Code Analysis Tool.

Otherwise, it helps us during coding and compile time, where FxCop will help only after compile time.
