Hands-On Lab
Using Code Analysis with Visual Studio 2012 to Improve Code Quality
Lab version: 11.0.60315.01 Update 2
Last updated: 4/9/2013
CONTENTS
OVERVIEW
EXERCISE 1: INTRODUCTION TO CODE ANALYSIS
EXERCISE 2: SUPPRESSING CODE ANALYSIS WARNINGS
Overview
The Code Analysis feature of Visual Studio performs static code analysis to help developers identify
potential design, globalization, interoperability, performance, security, and a host of other categories of
potential problems. Code Analysis can be run manually at any time from within the Visual Studio IDE, or
set up to run automatically as part of a Team Build or check-in policy for Team Foundation Server.
In this lab, you will be introduced to Code Analysis, how to configure the rule sets to use, and finally how to
suppress specific rules at a project and source code level.
Note: Code Analysis can be found in the Professional, Premium and Ultimate editions of Visual Studio
2012. A subset of the most critical Code Analysis warnings are included in the Express edition for free
(this applies to C++, C#, and Visual Basic code analysis).
Prerequisites
In order to complete this lab you will need the Visual Studio 2012 virtual machine provided by Microsoft.
For more information on acquiring and using this virtual machine, please see this blog post.
About the Fabrikam Fiber Scenario
This set of hands-on-labs uses a fictional company, Fabrikam Fiber, as a backdrop to the scenarios you
are learning about. Fabrikam Fiber provides cable television and related services to the United States.
They are growing rapidly and have embraced Windows Azure to scale their customer-facing web site
directly to end-users to allow them to self-service tickets and track technicians. They also use an on-premises ASP.NET MVC application for their customer service representatives to administer customer
orders.
In this set of hands-on labs, you will take part in a number of scenarios that involve the development
and testing team at Fabrikam Fiber. The team, which consists of 8-10 people, has decided to use Visual
Studio application lifecycle management tools to manage their source code, run their builds, test their
web sites, and plan and track the project.
Exercises
This hands-on lab includes the following exercises:
1. Introduction to Code Analysis
2. Suppressing Code Analysis Warnings
Estimated time to complete this lab: 30 minutes.
Exercise 1: Introduction to Code Analysis
In this exercise, you will learn about the Code Analysis features in Visual Studio 2012 by configuring the
rule set used, performing code analysis on a sample project, and addressing some of the warnings that
are raised.
1. Log in as Julia. All user passwords are P2ssw0rd.
2. Open Microsoft Visual Studio from Start | All Programs | Microsoft Visual Studio 2012 | Visual
Studio 2012.
3. In Source Control Explorer (View | Other Windows | Source Control Explorer), navigate to
FabrikamFiber | Dev and load the FabrikamFiber.CallCenter solution file found within the
FabrikamFiber.CallCenter folder.
Figure 1
Loading Fabrikam solution
4. Rebuild the solution (Build | Rebuild Solution from the main menu). This step may take a few
minutes to complete.
5. In Solution Explorer, right-click on the FabrikamFiber.Web project node and select Properties.
6. Select the Code Analysis tab in the FabrikamFiber.Web project properties window.
Figure 2
Configuring Code Analysis for a project
Note: The Code Analysis tab allows you to choose from sets of rules rather than picking and
choosing from one flat list of rules.
7. Select the “Microsoft All Rules” option for the Rule Set to select the comprehensive set of
rules.
Figure 3
Configuring Code Analysis rule set to use
Note: Custom rule sets for C++ projects can be created in Visual Studio 2012 Professional,
Premium, or Ultimate editions.
8. In Solution Explorer, right-click on the FabrikamFiber.Web project node and select Run Code
Analysis from the context menu that appears. This might take a few minutes.
Figure 4
Location of contextual Run Code Analysis Command
9. The Code Analysis feature runs through static code analysis rules as defined by Microsoft and
displays the results in the Code Analysis window. Scroll through the list of results and read a few
of them.
Figure 5
Code Analysis results
Note: Depending on the version of FabrikamFiber that you are running, you may see more or
fewer results than depicted in screenshots.
Code Analysis rules can also be configured to show up as errors if desired.
10. The warnings produced by Code Analysis provide a wealth of information including a unique
category ID (such as CA1062 in screenshot above), a title, a description of the problem or
suggested fix, and the file location of the offending code.
11. The Code Analysis window contains a keyword filter text box where you can filter code analysis
results on warning number, text in the title or message of the warning, as well as filename or
function name.
Figure 6
Code Analysis window keyword filter
12. Find a warning that looks like it will be easy to fix quickly, such as the warning for CA1804 in the
screenshot above, and double-click on it to load the location in code.
Figure 7
Code Analysis errors are linked to source code
13. Perform the code fix necessary to resolve the warning. For CA1804, we are told that we should
remove unused locals. Resolve the warning by removing the declaration of the “report”
variable.
Figure 8
Removing unused local
14. Select Analyze | Run Code Analysis on FabrikamFiber.Web from the main menu and verify that
the warning disappears. There should be one less warning than before.
Exercise 2: Suppressing Code Analysis Warnings
In this exercise, you will learn how to suppress Code Analysis warnings at the project and source level.
1. In the Code Analysis window, select the first three warnings that are not associated with a file
(they will be labeled “Global”). Imagine that we do not want to address the selected issues and
no longer want them to appear when Code Analysis executes.
2. By selecting those warnings, they will be automatically expanded. Right-click on the selected
warnings and select Suppress Message(s) | In Suppression File from the context menu. This will
add assembly level metadata to a project level GlobalSuppressions.cs file.
Note: You can also perform this operation by using the Actions link.
Figure 9
Suppressing specific code analysis rules at the project level
Figure 10
Suppressed rules are crossed out
3. Open the GlobalSuppressions.cs file from Solution Explorer to view the added code.
Figure 11
GlobalSuppressions.cs file content
4. Return to the Code Analysis window and scroll to the bottom of the list, take a look at the
second to the last Code Analysis warning that is listed, CA1704, which suggests correcting the
parameter name ‘serviceticket’. Double-click on it to go to the correct source location for the
fix.
5. Right-click on the parameter named ‘serviceticket’ and select Refactor | Rename… from the
context menu.
Figure 12
Renaming parameter
6. In the Rename window, change ‘serviceticket’ to ‘serviceTicket’ and select the OK button to
continue.
Figure 13
Rename window
7. In the Preview Changes – Rename window, review the proposed changes and select the Apply
button to complete the refactoring process.
Figure 14
Preview Changes – Rename window
8. Move on to the next Code Analysis warning by selecting it. Imagine that we want to suppress
this specific rule, but this time we only want it applied to this particular source file. Right-click on
the warning and select Suppress Message(s) | In Source from the context menu that appears.
Figure 15
Location of In Source button
9. This applies a SuppressMessage attribute to the method.
Figure 16
Suppressing a Code Analysis rule at the source code level
10. Select Analyze | Run Code Analysis on FabrikamFiber.Web from the main menu and verify that
more of the warnings have been successfully addressed.
11. At this point, there are additional Code Analysis warnings that we could address, but imagine
that we simply want to ignore the remaining items for now. Click on the Settings button in the
Code Analysis window tool bar.
Figure 17
Location of the setting button for Code Analysis
12. Change the Rule Set for Project FabrikamFiber.Web from ‘Microsoft All Rules’ to ‘Microsoft
Managed Minimum Rules’ option. Select OK to close the window.
Figure 18
Change Rule Set
13. Select Analyze | Run Code Analysis on FabrikamFiber.Web from the main menu and verify that
the number of warnings has been dramatically reduced. The warnings that appear as the result
of using this rule set are more likely to be problematic during runtime.
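The two suppression forms from Exercise 2 (assembly-level metadata in GlobalSuppressions.cs, and a SuppressMessage attribute on a method), shown as an added example that is not the lab's own code, together with a small reflection audit that lists every suppression compiled into an assembly and flags those with no Justification. The Example.Web namespace, its types, the Justification text and the choice of CA1014 for the "Global" warning are assumptions.

```csharp
// Added example, not the lab's code; everything under Example.Web is hypothetical.
#define CODE_ANALYSIS // SuppressMessage is [Conditional("CODE_ANALYSIS")]: not emitted without this symbol
using System;
using System.Collections.Generic;
using System.Diagnostics.CodeAnalysis;
using System.Linq;
using System.Reflection;

// Form kept in GlobalSuppressions.cs: assembly-level metadata.
// CA1014 is an assumed rule; the lab does not name the "Global" warnings it suppresses.
[assembly: SuppressMessage("Microsoft.Design", "CA1014:MarkAssembliesWithClsCompliant")]

namespace Example.Web
{
    public class ServiceTicket { public string Title { get; set; } }

    public static class TicketFormatter
    {
        // In-source form: the attribute sits on the member that raised the warning.
        // Justification is optional; it records why the finding was accepted (constructed text).
        [SuppressMessage("Microsoft.Design", "CA1062:Validate arguments of public methods",
            MessageId = "0", Justification = "Callers validate the ticket before formatting.")]
        public static string Describe(ServiceTicket serviceTicket) { return serviceTicket.Title; }
    }

    public static class SuppressionAudit
    {
        // Lists assembly-level and member-level suppressions, flagging any without a Justification.
        public static List<string> Report(Assembly asm)
        {
            const BindingFlags All = BindingFlags.Public | BindingFlags.NonPublic |
                BindingFlags.Instance | BindingFlags.Static | BindingFlags.DeclaredOnly;
            var found = asm.GetCustomAttributes(typeof(SuppressMessageAttribute), false)
                .Cast<SuppressMessageAttribute>()
                .Select(a => new { Where = "assembly", Attr = a }).ToList();
            foreach (var type in asm.GetTypes())
                foreach (var member in type.GetMembers(All))
                    found.AddRange(member.GetCustomAttributes(typeof(SuppressMessageAttribute), false)
                        .Cast<SuppressMessageAttribute>()
                        .Select(a => new { Where = type.FullName + "." + member.Name, Attr = a }));
            return found.Select(f => string.Format("{0}  {1}  {2}", f.Where, f.Attr.CheckId,
                string.IsNullOrEmpty(f.Attr.Justification) ? "NO JUSTIFICATION" : f.Attr.Justification))
                .ToList();
        }

        public static void Main()
        {
            foreach (var line in Report(typeof(SuppressionAudit).Assembly)) Console.WriteLine(line);
        }
    }
}
```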
Copyright © 2017 by Microsoft Corporation. All rights reserved.