Static Code Analysis has been present in Visual Studio IDE since the earlier versions, and has been evolving with each release.
In this article, we will look at few usability issues of the Code Analysis in Visual Studio 2013 and how it has been improved in the recent release of Visual Studio 2015 Update 1.
Static Code Analysis is a great tool which checks our code for violations of best practices and helps to increase the efficiency of our code review. I have already discussed about it in details in my previous blog and would highly recommend you to go through it first.
Let us consider a particular scenario – We have a large scale application and as part of a current enhancement, we have made changes in multiple projects within our solution.
Visual Studio 2013 gives us the option to run Code Analysis on any particular project or on the entire solution. But there is no option to view the code analysis results for only my changes. This has been one of my biggest complains about the Code Analysis feature – a developer or a reviewer need not scan across all the code analysis warnings/errors and find out manually if there are any warnings/errors associated with his/her current code changes.
Refer the below screenshot. Visual Studio 2013 displays the result of code analysis in a separate ‘Code Analysis’ window. There is an option to filter the result set by project name and categories, but you cannot filter it to review only your current code changes.
While reviewing the Code Analysis warnings/errors, we need to use our judgement to identify the false positives and not get carried away by implementing all the changes suggested. Here comes the option to Suppress Code Analysis Warnings to a separate file known as ‘GlobalSuppressions’
In Visual Studio 2013, reviewing and suppressing the warnings is a tedious process. Let us consider a scenario where we run Code Analysis for our project and it gives us back 700 warnings. There is every chance that a developer gets intimidated by this huge number, and actually stops using the Code Analysis feature. It happened to me as well.
Refer the screenshot below. To suppress the code analysis warnings, we need to manually right click on a particular warning and add it to the Source or Suppression file. Once you do that, that warning gets displayed as striked off. But if you want to suppress a large number of warnings or baseline the known warnings, it would require lots of manual effort.
Improvements in Visual Studio 2015
In Visual Studio 2015, the Code Analysis results can be viewed in the Error Window itself.
Visual Studio 2015 Update 1 provides an option to view the code analysis warnings/messages for only my code changes. Selecting ‘Changed Documents’ filter will show the warnings pertaining to only the files where you have made modifications – and hence makes it lot convenient to use.
This feature will encourage developers/reviewers to use the Code Analysis feature before checking in their code to source control.
There is an option available to suppress all the Code Analysis warnings to a GlobalSuppression file.
This is another helpful feature which will encourage developers to start using Code Analysis and not get intimidated by a high number of warnings upfront.
Once we handle all the critical and required warnings, we can suppress the remaining warnings & can establish a baseline – with a single button click. This will ensure that we have a clean build, without any code analysis warnings, and is always a good point to start following coding best practices in any application.
In a development life cycle, it is always advisable to run code analysis at an earlier stage – preferably before code check-in. This will ensure that we maintain a high code quality and stop our technical debt from growing.
These are two great features of Code Analysis in Visual Studio 2015 Update 1 and am sure it will go a long way in convincing the community members to embrace this tool.
My previous related articles-
Improve your Code Quality using Live Code Analyzers
Manage your Technical Debt with Visual Studio 2015 and SonarQube