What is New in Code Analysis for Visual Studio 2013

This post (addressing UserVoice feedback on CA) was written by Nat Ayewah, a member of the code analysis team in Windows.

Last year's release of Visual Studio 2012 marked a significant update to the Code Analysis experience in Visual Studio. We made code analysis available in more editions of Visual Studio, introduced a new user interface for viewing, filtering and stepping through results, and made accuracy and other improvements.

In Visual Studio 2013, our focus has been on fixing bugs in response to user feedback, and making a few more improvements to the user experience. Highlights include:

  • Results are now categorized, and users can filter them by category
  • Users can now sort results by various properties including Rule ID, File Name and Category

Code Analysis Categories

Visual Studio 2013 introduces categories for native rules and exposes the existing managed code analysis categories in the user interface. These categories provide a more fine-grained grouping of defects to indicate, for example, whether the defect is related to an annotation syntax error, a critical security vulnerability or a simple logic error. Categories are particularly helpful when dealing with a large list of warnings, which can be overwhelming without some guidance on which warnings to focus on first. With this change, users can focus their efforts on the categories that are most relevant to their needs. Users will immediately notice the new categories because they augment the results displayed in the code analysis viewer.

Users also have the option to filter the results by category using the search box, or select a specific category from a new dropdown button. By design, this button replaces the Error/Warning option that was in Visual Studio 2012. Users can still use the search box to separate errors from warnings.

Sorting Results

Visual Studio 2012 moved code analysis results out of the error list and into a new Code Analysis Viewer that makes it easier to read and filter results. It also provides a detailed explanation of the code path for some warnings. One key feature of the error list that was missing in the new viewer was the ability to sort the defect list. Visual Studio 2013 adds support for sorting to the new viewer by way of a new toolbar Sort button. Users can sort the defect list by six common properties or reset the list to its default sort order. Selecting a sort property twice results in a descending order sort.

In Closing

The code analysis team received lots of useful feedback from users, which we used to improve the accuracy of native code analysis. We also worked with partners to improve the quality of headers shipped with Windows and Drivers Kits. Please try out Visual Studio 2013 and check out the new Code Analysis features.

We would love to hear any questions or comments you have in the comments below or on our MSDN forum.

  • Great that the headers shipping with Windows SDK/DDK are improved. Just need the MFC/ATL headers to be correctly annotated now...

    Are there any changes to the annotations available, or is the VS2012 list of annotations still the current list?

  • Any plans to update standalone FxCop seeing that Code Analysis is still not supported in the Professional Edition?

  • A huge deal would be if you would add a filtering option that would allow the developer to filter out CA messages only for the files that are currently checked-out.

    The reason is that when the existing codebase contains many warnings it is very easy to introduce new ones just because you don't find your changes in the list.

  • @Knaģis, why not run code analysis on the whole project? Then suppress them all in the Global Suppression file; as and when you change code you will invalidate the global suppression and be forced to fix them.

  • @Josh

    We’ve improved annotations in MFC/ATL headers, but there’s no change in terms of annotations available in VS 2013 compared with VS 2012.

  • @Carel

    Full code analysis functionality was moved to the Professional edition of Visual Studio in 2012, with limited functionality included in the Express editions.

  • What are the plans for FxCop? It seems like it's being retired.

  • Is there any plan to add the new Code Analysis to SSDT?

  • Nope, at this time there are no plans to add the new Code Analysis to SSDT.

  • @Vince,

    Are you referring to the FxCop standalone, or FxCop in Visual Studio?  We removed the standalone FxCop from the Windows SDK for several reasons, including 1. There was a desire to reduce the size of the Windows SDK, and distinguish between components that were truly Windows versus Visual Studio components.  2.  As I mentioned below full FxCop support was moved into the Professional Edition of Visual Studio 2012 with limited support included in the Express versions.  FxCop continues to be fully supported in the Visual Studio IDE.

  • This is a great step forward - I really missed being able to sort the CA warnings.

    One problem that I'm seeing with the new 2012/2013 window on my end is that it isn't always obvious to developers that there are CA warnings after a build.  Devs are used to checking the error list after building, and ignoring everything else.  This means that code often gets checked in with CA warning violations, which we want to avoid.

    It would be cool to have an option (some property that could be set in the csproj file) that would cause the existence of any CA warning violations to output a single warning in the Error List. Something like "Warning: there were one or more Code Analysis issues; see the {link}Code Analysis{/link} window for details."

  • @RobSiklos

    Thanks for the great feedback. This experience is something that we are looking to improve in the future. While unfortunately it won't make it into Visual Studio 2013 RTM, it is on our radar.

    As a workaround at the moment, you could consider creating a custom ruleset where you set the action for code analysis warnings to be Error which will fail your build if there are any.
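
The workaround in the reply above, sketched as an added example (not part of the original post and not Microsoft's own configuration): a custom rule set that promotes chosen warnings to errors so the build fails when they fire. The file name `FailOnAnalysis.ruleset` and the selection of rule IDs are assumptions made for illustration.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Constructed example. Save as FailOnAnalysis.ruleset (hypothetical name)
     beside the project file and reference it from the project:
       <RunCodeAnalysis>true</RunCodeAnalysis>
       <CodeAnalysisRuleSet>FailOnAnalysis.ruleset</CodeAnalysisRuleSet> -->
<RuleSet Name="Fail build on selected findings"
         Description="Promotes selected code analysis warnings to errors."
         ToolsVersion="12.0">

  <!-- Keep the built-in minimum recommended rules at their default action.
       To promote every rule instead of a selection, replace the blocks
       below with: <IncludeAll Action="Error" /> -->
  <Include Path="minimumrecommendedrules.ruleset" Action="Default" />

  <!-- Managed (FxCop) rules promoted to build errors. -->
  <Rules AnalyzerId="Microsoft.Analyzers.ManagedCodeAnalysis"
         RuleNamespace="Microsoft.Rules.Managed">
    <!-- CA2100: Review SQL queries for security vulnerabilities -->
    <Rule Id="CA2100" Action="Error" />
    <!-- CA2000: Dispose objects before losing scope -->
    <Rule Id="CA2000" Action="Error" />
  </Rules>

  <!-- Native (C/C++) rules promoted to build errors. -->
  <Rules AnalyzerId="Microsoft.Analyzers.NativeCodeAnalysis"
         RuleNamespace="Microsoft.Rules.Native">
    <!-- C6001: Using uninitialized memory -->
    <Rule Id="C6001" Action="Error" />
    <!-- C6386: Buffer overrun while writing -->
    <Rule Id="C6386" Action="Error" />
  </Rules>
</RuleSet>
```

Promoting a narrow set of security-relevant rules first keeps an existing code base buildable while still blocking new findings in those categories.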

  • Are there any improvements to exporting the CA issues to Excel or Word? This was way better in VS2010 when coming from the Errors window. In VS2012 from the Code Analysis window copy / paste doesn't cut it ;) Pasting in Excel does not result in separate columns for the issue number, title, file, line # etc.

  • @John,

    The behavior you want is still available: in Excel, right click and choose "Paste special...", then choose "csv". When we introduced the new code analysis window we added HTML formatting for pasting results into email per request, so when you copy from the window it puts the data into the clipboard as html, csv, and plain text. Excel takes the HTML by default over the csv (I don't know the rationale for this), but you can tell it to take the csv and it will paste each of these fields into a separate column.

  • Andrew,

    Should this raise a "using uninitialized memory" warning?

    #include <sal.h>

    void SetToZero(_Out_ int& out)
    {
        int* pi = &out;
        *pi = 0;
    }

    It complains when taking the address of "out". Other operations are fine. Is there a different annotation that I should be using? This seems to be new to VS2013, but I don't know if that's because of a bug, or because of better checking -- I haven't put in enough time to actually learn SAL properly :-/ .
