Walkthrough: Use static code analysis to find code defects

In this walkthrough, you'll analyze a managed project for code defects by using legacy code analysis.

This article steps you through the process of using legacy analysis to analyze your .NET managed code assemblies for conformance with the .NET design guidelines.

Create a class library

1. Open Visual Studio and create a new project from the Class Library (.NET Framework) template.

2. Name the project CodeAnalysisManagedDemo.

3. After the project is created, open the Class1.cs file.

4. Replace the existing text in Class1.cs with the following code:

   using System;
   
   namespace testCode
   {
       public class demo : Exception
       {
           public static void Initialize(int size) { }
           protected static readonly int _item;
           public static int item { get { return _item; } }
       }
   }
   

5. Save the Class1.cs file.

Analyze the project for code defects

1. Select the CodeAnalysisManagedDemo project in Solution Explorer.

2. On the Project menu, click Properties.

   The CodeAnalysisManagedDemo properties page is displayed.

3. Choose the Code Analysis tab.

4. Make sure that Run on build is selected in the Binary analyzers section.

5. From the Active rules dropdown list, select Microsoft All Rules.

6. On the File menu, click Save Selected Items, and then close the properties pages.

7. On the Build menu, click Build CodeAnalysisManagedDemo.

   The CodeAnalysisManagedDemo project build warnings are shown in the Error List and Output windows.

Correct the code analysis issues

1. On the View menu, choose Error List.

   Depending on the developer profile that you chose, you might have to point to Other Windows on the View menu, and then choose Error List.

2. In Solution Explorer, choose Show All Files.

3. Expand the Properties node, and then open the AssemblyInfo.cs file.

4. Use the following tips to correct the warnings:

   CA1014: Mark assemblies with CLSCompliantAttribute: Add the code [assembly: CLSCompliant(true)] to the end of the AssemblyInfo.cs file.

   CA1032: Implement standard exception constructors: Add the constructor public demo (String s) : base(s) { } to the class demo.

   CA1032: Implement standard exception constructors: Add the constructor public demo (String s, Exception e) : base(s, e) { } to the class demo.

   CA1032: Implement standard exception constructors: Add the constructor protected demo (SerializationInfo info, StreamingContext context) : base(info, context) { } to the class demo. You'll also need to add a using statement for System.Runtime.Serialization.

   CA1032: Implement standard exception constructors: Add the constructor public demo () : base() { } to the class demo.

   CA1709: Identifiers should be cased correctly: Change the casing of the namespace testCode to TestCode.

   CA1709: Identifiers should be cased correctly: Change the name of the member to Demo.

   CA1709: Identifiers should be cased correctly: Change the name of the member to Item.

   CA1710: Identifiers should have correct suffix: Change the name of the class and its constructors to DemoException.

   CA2237: Mark ISerializable types with SerializableAttribute: Add the [Serializable ()] attribute to the class demo.

   CA2210: Assemblies should have valid strong names: Sign 'CodeAnalysisManagedDemo' with a strong name key:

   1. On the Project menu, choose CodeAnalysisManagedDemo Properties.

      The project properties appear.

   2. Choose the Signing tab.

   3. Select the Sign the assembly checkbox.

   4. In the Choose a string name key file list, select <New>.

      The Create Strong Name Key dialog box appears.

   5. For Key file name, enter TestKey.

   6. Enter a password, and then choose OK.

   7. On the File menu, choose Save Selected Items, and then close the property pages.

   After you complete all the changes, the Class1.cs file should look like the following:

   using System;
   using System.Runtime.Serialization;
   
   namespace TestCode
   {
       [Serializable()]
       public class DemoException : Exception
       {
           public DemoException () : base() { }
           public DemoException(String s) : base(s) { }
           public DemoException(String s, Exception e) : base(s, e) { }
           protected DemoException(SerializationInfo info, StreamingContext context) : base(info, context) { }
   
           public static void Initialize(int size) { }
           protected static readonly int _item;
           public static int Item { get { return _item; } }
       }
   }
   

5. Rebuild the project.

Exclude code analysis warnings

1. For each of the remaining warnings, do the following:

   1. Select the warning in the Error List.

   2. From the right-click menu (context menu), choose Suppress > In Suppression File.

2. Rebuild the project.

   The project builds without any warnings or errors.

Related content

Code analysis for managed code