What static analysis tools are available for C#?
Code violation detection Tools:
- FxCop, excellent tool by Microsoft. Checks compliance with .NET Framework guidelines.
  Edit October 2010: No longer available as a standalone download. It is now included in the Windows SDK and after installation can be found in
  Program Files\Microsoft SDKs\Windows\ [v7.1] \Bin\FXCop\FxCopSetup.exe
  Edit February 2018: This functionality has now been integrated into Visual Studio 2012 and later as Code Analysis.
- Clocksharp, based on code source analysis (to C# 2.0)
- Mono.Gendarme, similar to FxCop but with an open source licence (based on Mono.Cecil)
- Smokey, similar to FxCop and Gendarme, based on Mono.Cecil. No longer in development; the main developer works with the Gendarme team now.
- Coverity Prevent™ for C#, commercial product
- PRQA QA·C#, commercial product
- PVS-Studio, commercial product
- CAT.NET, Visual Studio add-in that helps with identification of security flaws. Edit November 2019: Link is dead.
- CodeIt.Right
- Spec#
- Pex
- SonarQube, FOSS & commercial options to support writing cleaner and safer code.
Quality Metric Tools:
- NDepend, great visual tool. Useful for code metrics, rules, diff, coupling and dependency studies.
- Nitriq, free, can easily write your own metrics/constraints, nice visualizations. Edit February 2018: download links now dead. Edit June 17, 2019: Links not dead.
- RSM Squared, based on code source analysis
- C# Metrics, using a full parse of C#
- SourceMonitor, an old tool that occasionally gets updates
- Code Metrics, a Reflector add-in
- Vil, old tool that doesn't support .NET 2.0. Edit January 2018: Link now dead
Checking Style Tools:
- StyleCop, Microsoft tool (run from inside of Visual Studio or integrated into an MSBuild project). Also available as an extension for Visual Studio 2015 and C# 6.0
- Agent Smith, code style validation plugin for ReSharper
Duplication Detection:
- Simian, based on source code. Works with plenty of languages.
- CloneDR, detects parameterized clones only on language boundaries (also handles many languages other than C#)
- Clone Detective, a Visual Studio plugin (which uses ConQAT internally)
- Atomiq, based on source code, plenty of languages, cool "wheel" visualization
General Refactoring tools
- ReSharper - Majorly cool C# code analysis and refactoring features
Looking for a Static Code Analysis Tool For Concurrency in .NET like CheckThread for Java
Here is a set of resources to help with concurrent programming... they are a mixture of static and runtime-based tools.
Intel Inspector XE/Parallel Studio
Intel do some tools inside Parallel Studio that help with concurrent development, however their Parallel Advisor is only for C/C++.
But for C# you can do runtime thread checking with their Inspector XE (formerly Intel Thread Checker)
- http://software.intel.com/en-us/articles/intel-inspector-xe/.
PRESharp (Microsoft Center for Software Excellence)
There appears to be something called PRESharp mentioned here:
- http://www.microsoft.com/windows/cse/pa_projects.mspx
Now I haven't heard of that before...only the similar sounding PREFast which I have used to statically analyse some C driver code in the past. I suspect that it's an internal Microsoft tool that no one else gets to use unless you get special access.
Static Analysis Tools
A big list of static analysis tools here (e.g. FXCop).
- What static analysis tools are available for C#?
and Typemock Racer mentioned here:
- C#/.NET analysis tool to find race conditions/deadlocks
and of note is Coverity Prevent which claims to detect concurrency defects by statically analysing C/C++, Java or C# code (rated by NASA).
http://www.verifysoft.com/en_coverity_prevent_concurrency.html
http://www.theregister.co.uk/2012/08/22/mars_rover_software_coverity/
WinDBG + SOSEX
Other tools to help with concurrent programming are WinDBG (part of the Windows Debugging Tools which is distributed inside the Windows SDK) which is more powerful than the Visual Studio debugger.
- http://msdn.microsoft.com/en-us/windows/hardware/gg463009.aspx
Note: you can now use a more powerful User Mode debugger from inside Visual Studio 2012 which has parity with WinDBG if you install the Windows Driver Kit 8 in your system.
http://msdn.microsoft.com/en-us/library/windows/hardware/gg487428.aspx
http://blogs.msdn.com/b/mariohewardt/archive/2012/06/05/visual-studio-2012-and-windbg-integration.aspx
You can also get plugins to WinDBG that extend it, e.g. the SOSEX plugin adds the !dlk command which can help identify the cause of a deadlock.
http://stevestechspot.com/
http://blog.scriptico.com/04/debugging-with-windbg-deadlocks-in-applications/
Debugging a Deadlock with Windbg's !clrstack command
http://blogs.msdn.com/b/tess/archive/2008/02/11/hang-caused-by-gc-xml-deadlock.aspx
Concurrency Visualizer (in Visual Studio 2010+)
There is the Concurrency Visualizer in Visual Studio and an SDK to go with it.
http://msdn.microsoft.com/en-us/library/dd537632.aspx
http://blogs.msdn.com/b/visualizeparallel/archive/2011/10/17/introducing-the-concurrency-visualizer-sdk.aspx
http://msdn.microsoft.com/en-us/magazine/ee336027.aspx
http://msdn.microsoft.com/en-us/magazine/ee410778.aspx
General Concurrent Programming Design Considerations
http://msdn.microsoft.com/en-us/magazine/cc817398.aspx
http://msdn.microsoft.com/en-us/library/ff963553.aspx
http://msdn.microsoft.com/en-us/magazine/cc872852.aspx
http://msdn.microsoft.com/en-us/magazine/cc163744.aspx
http://www.packtpub.com/beginners-guide-for-C-sharp-2008-and-2005-threaded-programming/book
Video Resources
Here's a brilliant series of Videos that give you general advice on debugging .NET applications:
- http://channel9.msdn.com/Series/-NET-Debugging-Stater-Kit-for-the-Production-Environment/Diagnosing-Application-Issues-01
Source code analysis tools for C#
There are many plugins for reflector (which is also free):
Reflector Add-Ins
I believe the CodeMetrics plugin does what you need
Static source code analysis for C# that operates on source code level
IIRC, SourceMonitor works at the code level and also Microsoft StyleCop.
SourceMonitor:
The freeware program SourceMonitor lets you see inside your software source code to find out how much code you have and to identify the relative complexity of your modules.
StyleCop:
StyleCop analyzes C# source code to enforce a set of style and consistency rules. It can be run from inside of Visual Studio or integrated into an MSBuild project.
Static code analysis tool for .NET Core
My search via Calculate Code Metrics for .NET Core Projects? and other investigation got me to the conclusion that we have to wait until the tooling from Microsoft, Jetbrains or others is ready.
In ReSharper 2016.2 (RC version is now available) some initial work has been done, but unit tests and code analysis are announced for the post-2016.2 version. I am eager for the Early Access Versions.
NDepend and Microsoft tooling are lacking support today, too. I hope to see this tooling by the end of this year.
Recommended static program analysis tool for VS2010
VS2010 comes with Code Analysis built-in. This is essentially an integrated version of FxCop.
ReSharper also does its own static analysis and can find a number of bugs/inconsistencies/etc. in your C# code.
Static Code Analysis through API
There are several options that you can go with:
- NDepend - a commercial static analysis tool for .NET (no JS support)
- Use Visual Studio automation and API
- Take a look at the Roslyn CTP
- StyleCop and FxCop
Most of these will help with .NET (C# and VB.NET), but not with JS. For JS you may be able to use JSLint, though I don't know how automatable that can be.