Sunday 13 September 2009

FXCop an Automated tool for code review

Introduction
Thanks to FXCop teams and Microsoft for presenting FXCop tool to us for analysis of code. This is widely used for code review purpose. And which analyze compiled .NET assemblies for compliance. It is a tool to check your code against the rules or guidelines defined by FXCop engine and/or your own rules. It is freely available from Microsoft. You can download it from here.
FXCop supports assemblies written in C#, VB.NET, C++/CLI, and other managed .NET languages.
Thanks to NITIN for explaining FXCop tool which helped me to go deep inside FXCop functionality, purpose and integration with VS.Net.

FXCop Aims
FXCop aims to make it easy to Act in accordance with someone's rules, commands, or wishes by scanning compiled assemblies/dll/exe and creating a report that listed out the details coding violations and suggests code fixes and improvements.
Modes of Operation
FXCop can be operated in two modes:
1. Through GUI and
2. Through command-line mode.
Behind the screen
FXCop (1.30 and higher) performs analysis through a technique called Introspection. The use of the Introspection engine allows for much faster/ richer analysis infrastructure and supports multithreaded analysis to read the code of your assembly and process against predefined rules categorized as naming conventions, library design, localization, security, performance, portability, interoperability etc.
Every assembly in .NET has metadata, which describes the assembly and all types used in the assembly.
FXCop uses this metadata to learn what is going on in the code. In addition, it examines the Microsoft Intermediate Language (MSIL) generated when code is compiled. The combination of examining the metadata and MSIL provides FXCop plenty of information to gain an understanding of what the code is doing. It compares your code against the rules and generates a message for every instance where code doesn't conform to the rules.

Rules defined by FXCop

1. Design Rules
2. Globalization Rules
3. Interoperability Rules
4. Mobility Rules
5. Naming Rules
6. Performance Rules
7. Portability Rules
8. Security Rules
9. Usage Rules
Last but not the least: The FXCop Introspection engine can be leveraged to develop custom FXCop rules specific to the project needs.

Report generation

The report generated by an FXCop run detail the violations and the files, where they are found; as shown in the below figure. These are then fixed by developers; the code is then committed and FXCop is re-run to check if the code has successfully passed through all the checks.

fig: Report generated by FXCop.

Integrate with Visual studio

In the Visual Studio .NET IDE, navigate to Tools -> External Tools option;

on click of External tool one new dialog box would open.click on Add button to display the new configuration dialog box as below:

fig: Adding FXCop to External toll

On new windows set the parameter as below:
1. ADD: Click on ADD button to add an Fxcop as external tool
2. Title: provide an external toll name (something like FxCop).
3. Command: To set the value of the Command text box, browse to the location where FxCop
is installed, and select FxCopCmd.exe. (in my case it is at
C :\Program Files\Microsoft FxCop 1.36\FxCopCmd.exe)
4. Argument : In the Arguments text box, specify /console (or /c) in addition to any command-
line options you use when running the analysis from the command line. The
value of a command-line option must be enclosed in quotation marks if the value
contains any spaces. in my case i have set the value as :
/c /f:"D:\NWAAutomationCode\bin\Debug" /r:"C:\Program
Files\Microsoft FxCop 1.36\Rules" /consolexsl:"C:\Program
Files\Microsoft FxCop 1.36 \Xml\VSConsoleOutput.xsl"

Some key arguments explained below:

/c direct FXCop analysis to console or output window in IDE.

/f: - where indicates the executable (EXE), or Dynamic Link
Library (DLL), or a directory to browse for target assemblies
("D:\NWAAutomationCode\bin\Debug").

/p: - indicates the FXCop project as the input parameter, and refers to the
Corresponding FXCop project file.

/s - Indicates FXCop to include the summary report with the informational message. • /r: - Indicates the directory location where FXCop rules library is saved (typically \Microsoft FxCop 1.36\Rules). This will load the entire rules library (.dll files) from the path, during the run.

5. Initial Directory : Set the Initial Directory to the location where FxCopCmd should start.
("C:\Program Files\Microsoft FxCop 1.36")

6. Select the Use Output window check box.

7. Click OK.

at last we have integarted FXCop to our VS.Net.
Now to Run this FXCop for Code Review analysis Click on Tools, under drop down menu select FXCop as shown below:
fig: Run FXcop through VS.Net


On click of FXCop ,the FXCop Engine would start Analysis our code w.r.t selected Rules and The analysis results will be posted in the "Output Window" of VS with the rule name, code file name, and error details as shown below ,The developer can click on the relevant FXCop error and navigate to the source-code to understand the problem and then fix it.


fig: OutPut Report by FXCop
Hope it would be Usefull for all of you.
Comments and suggestion always welcome.
Please feel free to put some comments.

References:
1. http://msdn.microsoft.com/en-gb/magazine/cc188721.aspx
2. http://www.binarycoder.net/fxcop/html/tutorial.html
3. http://www.codeproject.com/KB/dotnet/FxCopIntegrateVSNET.aspx
4. http://articles.techrepublic.com.com/5100-10878_11-6152637.html
Thanks,
Md.Jawed