
Too many false positives when using FxCop

We are using FxCop and it generates too many false positives for our liking. For instance, if a private method is invoked using reflection, then this method is reported as potentially unused - understandable, and we suppress this warning explicitly using the SuppressMessage attribute. However, FxCop reports the same warning for the methods invoked from that method, which we already suppressed warnings about. This is stupid and generates too much noise.

There are also false reports on member variables used in these methods. Also, there are problems with generic types (I even saw something about it in MS connect).

Anyway, I am wondering if anyone knows whether Microsoft is going to upgrade FxCop, because it seems to be stuck in version 1.36 for a long time.

BTW, we do not use StyleCop, because it is way too picky and we just do not have the time to examine all the zillion messages in order to suppress them all. Besides, the StyleCop reports seem to augment, rather than replace, FxCop.

Maybe anyone can suggest a good alternative to FxCop?

We are using VS2008 pro.

Thanks.


Have a look at Gendarme, it's a lot like fxCop but from the Mono project.

Gendarme is an extensible rule-based tool to find problems in .NET applications and libraries. Gendarme inspects programs and libraries that contain code in ECMA CIL format (Mono and .NET) and looks for common problems with the code, problems that compilers do not typically check or have not historically checked. -- http://www.mono-project.com/Gendarme


An alternative to FxCop would be to use the tool NDepend, which lets you write code rules as C# LINQ queries (namely CQLinq). Disclaimer: I am one of the developers of the tool.

More than 200 code rules are proposed by default. Customizing existing rules or creating your own rules is straightforward thanks to the well-known C# LINQ syntax.

To keep the number of false positives low, CQLinq offers the unique capability of defining the set JustMyCode through special code queries prefixed with notmycode. More explanations about this feature can be found here. Here are, for example, two default notmycode queries:

  • Discard generated and designer Methods from JustMyCode
  • Discard generated Types from JustMyCode

To keep the number of false positives low, with CQLinq you can also focus rule results only on code added or refactored since a defined baseline in the past. See the following rule, which detects overly complex methods added or refactored since the baseline:

// && binds tighter than ||, so the baseline test is parenthesized
warnif count > 0
from m in Methods
where m.CyclomaticComplexity > 20 &&
      (m.WasAdded() || m.CodeWasChanged())
select new { m, m.CyclomaticComplexity }

Finally, notice that with NDepend, code rules can be verified live in Visual Studio and at build process time, in a generated HTML+JavaScript report.


Visual Studio now comes with Code Analysis instead - a built-in FxCop:

Microsoft Visual Studio 2005 and Visual Studio 2008 Team System Development Editions both include "Code Analysis", which is based on FxCop.

You can write custom rules in FxCop if it doesn't do what you want.


If you use an FxCop project file, you can turn off rules and rule groups. This is a bit heavy-handed, but if particular rules are causing you issues, or simply do not apply, this is the way to go. And it saves you having to annotate your code. It's worth reviewing each rule that generates results and deciding whether it applies to you or not.

For what it's worth, the FxCop team are working on an update. I guess it's taking a while since there is a new code analysis engine in use.
