Consider i have a C# code, I need some tool that would perform an analysis of my code and report bugs and vulnerabilities. Are there any open source tools, something like klocwork.?
Add a comment
|
7 Answers
FxCop can perform static analysis of compiled assemblies, ReSharper can analyze your program at source code level. Certain editions of Visual Studio have Code Analysis built into them.
As a sidenote: get up to speed on unit testing (think NUnit et al.)
Comments
fxcop would be my first choice
Comments
Yeah, write unit tests and use NUnit to run them. If you're looking for something like static analysis, you should use something like FxCop. You're not going to find a piece of software that will identify bugs automatically for you, but with unit testing and static analysis, you can get pretty close.
2 Comments
Marc Gravell
"You're not going to find a piece of software that will identify bugs automatically for you"; Actually, PEX can do this. Not all of them, but definitely some. See my reply...
Alex Fort
I'm pretty sure that there won't ever be a bit of software that can identify all bugs. Because you know, the halting problem and all. That looks like some interesting software, however.. I'll take a look at it.
I use Gendarme
Comments
PEX might be a good start - it will attempt to brute-force its way into every code branch; but ultimately, only you know what it is meant to do. You should be writing unit tests as you go, perhaps with NUnit and TestDriven.NET.
Comments
FxCop is a static analysis framework available from Microsoft that works on Compiled Assemblies so it's good for any .Net Language
http://msdn.microsoft.com/en-us/library/bb429476(VS.80).aspx
If you're looking for strictly code analysis you may want to try Style Cop. It's more for ensuring consistency though.
Comments
In addition to FxCop already mentioned I'd add StyleCop to check if the code matches the coding guidelines. Next there'd be unit testing tools like NUnit or my personal favorite MbUnit or Pex and finally some tool to ensure you've handled all exceptions appropriately - again Pex or Exception Hunter.
