What is New in Code Analysis for Visual Studio 2013

This post (addressing UserVoice feedback on CA) was written by Nat Ayewah, a member of the code analysis team in Windows.

Last year's release of Visual Studio 2012 marked a significant update to the Code Analysis experience in Visual Studio. We made code analysis available in more editions of Visual Studio, introduced a new user interface for viewing, filtering and stepping through results, and made accuracy and other improvements.

In Visual Studio 2013, our focus has been on fixing bugs in response to user feedback, and making a few more improvements to the user experience. Highlights include:

  • Results are now categorized, and users can filter them by category
  • Users can now sort results by various properties including Rule ID, File Name and Category

Code Analysis Categories

Visual Studio 2013 introduces categories for native rules and exposes the existing managed code analysis categories in the user interface. These categories provide a more fine-grained grouping of defects to indicate, for example, if the defect is related to an annotation syntax error, a critical security vulnerability or a simple logic error. Categories are particularly helpful when dealing with a large list of warnings, which can be overwhelming without some guidance on which warnings to focus on first. With this change, users can focus their efforts on the categories that are most relevant to their needs. Users will immediately notice the new categories because they augment the results displayed in the code analysis viewer:

Users also have the option to filter the results by category using the search box, or select a specific category from a new dropdown button. By design, this button replaces the Error/Warning option that was in Visual Studio 2012. Users can still use the search box to separate errors from warnings.

Sorting Results

Visual Studio 2012 moved code analysis results out of the error list and into a new Code Analysis Viewer that makes it easier to read and filter results. It also provides a detailed explanation of the code path for some warnings. One key feature of the error list that was missing in the new viewer was the ability to sort the defect list. Visual Studio 2013 adds support for sorting to the new viewer by way of a new toolbar Sort button. Users can sort the defect list by six common properties or reset the list to its default sort order. Selecting a sort property twice results in a descending order sort:

In Closing

The code analysis team received lots of useful feedback from users, which was used to improve the accuracy of native code analysis. We also worked with partners to improve the quality of headers shipped with Windows and Drivers Kits. Please try out Visual Studio 2013 and check out the new Code Analysis features.

We would love to hear any questions or comments you have in the comments below or on our MSDN forum.

  • @Michael,

    This was a bug in the Preview version of Visual Studio 2013. It has subsequently been fixed, so you should not see this warning fired in that case in the next release of Visual Studio 2013.

  • Andrew,

    Neat! Thanks. And now that I'm actually using the IDE, the categories are indeed quite spiffy.

  • What, if any, are the differences between C++ Static Code Analysis in VS2013 Pro, Premium and Ultimate please? Do we get additional analysis engines if we pay more?

  • @Tom, Professional contains all of Visual Studio's static analysis features; Premium and Ultimate do not have any additional static analysis capabilities.

  • Any plans on having code analysis constantly run in the background? We have a fairly large project that takes about 5 minutes to run code analysis on. It would be nice to be able to avoid this step.

  • @Kevin, improving the performance and experience of code analysis for large builds is something that we are looking into for our next version.  However given we haven't finished releasing Visual Studio 2013 we don't have any definitive plans yet.

  • Any plans to officially sanction and support CA on build servers without the need to install+license VS?

  • @Kent: We're exploring what it looks like for Code Analysis to generally be more portable, both for the rules we ship and for rules you may write on your own. This would help many scenarios, including running Code Analysis on build servers, though we have nothing to announce there quite yet.

  • Is Code Analysis available for Visual Studio Express 2013 Web?

  • @JCS: Code Analysis is not available for Microsoft Visual Studio Express 2013 for Web.

  • How do we use the code analysis / code metrics from command line build in VS2013 and export the results to a csv file?

  • @Anubhav

    For code analysis, you can configure your project to run code analysis on command line build by going to the "Code Analysis" tab of the project properties and checking "Enable Code Analysis on Build". The results of the analysis will be put into an XML file named [target].CodeAnalysisLog.xml in the bin/debug folder. You can use Excel to import this .xml file.

    For code metrics we have a command line powertool, but the version corresponding to VS2013 has not yet been published. We will be publishing this power tool in the next two weeks; please check back here and I will provide a link to it. For reference, the VS2012 code metrics powertool can be found here: www.microsoft.com/.../details.aspx.

  • Hi,

    Is there a published map somewhere detailing which warnings or errors fall into which category? I'm looking into writing a custom logger for VS 2012  that would do some of that filtering for us until we move to VS 2013, and if I could go ahead and assign the same categories when building reports, that would ease the transition.

    Also, are the categories user-customizable? I'm aware of Rule Sets, but it sounds like that's orthogonal to this categorization.

    Thanks,

    Jay

  • @Jay: For managed code, the following page lists the categories that each warning falls into: msdn.microsoft.com/.../ee1hzekz.aspx. For C++ the following page lists all of the warnings, but unfortunately does not list the categories: msdn.microsoft.com/.../a5b9aa09.aspx. However, you can find this information in the ruleset editor, because the warnings are grouped by their categories. We do not have a way to customize the categories.

    @Anubhav: The code metrics powertool is now available here: www.microsoft.com/.../details.aspx

  • @Dan

    Thanks, that's good to know.

    I've got VS 2013 on my machine now, and I was wondering if there were a way to aggregate the static analysis output from our main automated build, which uses multiple stand-alone projects rather than one umbrella solution. We save the build logs and some other outputs, but it appears if I want to use the Code Analysis window I'm limited to an interactive run on a single solution. Is there any way (short of adding all hundred or so of them into one massive solution file which we'd never be able to load at once interactively) to aggregate static analysis outputs from multiple projects and sort or view them with this tool?

    Thanks,

    Jay
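
Added example (not part of the original post or comments, and not Microsoft tooling): one way to merge several projects' [target].CodeAnalysisLog.xml files into a single category-sorted CSV, so that a category such as Microsoft.Security can be triaged first across a multi-project build. It assumes the managed-code, FxCop-style report layout in which each Message element carries Category and CheckId attributes and contains Issue elements; the two sample logs, their file names and the function names are constructed for illustration.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed stand-ins for two projects' [target].CodeAnalysisLog.xml files.
# Assumed layout: FxCop-style report with Message elements holding Issue children.
SAMPLE_LOGS = {
    "App.CodeAnalysisLog.xml": """<FxCopReport><Targets><Target Name="App.exe">
<Modules><Module Name="app.exe"><Messages>
<Message Category="Microsoft.Design" CheckId="CA1014">
<Issue Level="Warning">Mark the assembly with CLSCompliant.</Issue></Message>
<Message Category="Microsoft.Security" CheckId="CA2100">
<Issue Level="Warning" File="Db.cs" Line="42">Review the SQL query
 string.</Issue></Message>
</Messages></Module></Modules></Target></Targets></FxCopReport>""",
    "Lib.CodeAnalysisLog.xml": """<FxCopReport><Targets><Target Name="Lib.dll">
<Modules><Module Name="lib.dll"><Messages>
<Message Category="Microsoft.Security" CheckId="CA2100">
<Issue Level="Warning" File="Query.cs" Line="7">Review the SQL query string.</Issue></Message>
<Message Category="Microsoft.Performance" CheckId="CA1822">
<Issue Level="Warning" File="Util.cs" Line="19">Mark member as static.</Issue></Message>
</Messages></Module></Modules></Target></Targets></FxCopReport>""",
}
FIELDS = ["log", "category", "check_id", "level", "file", "line", "message"]

def read_issues(log_name, xml_text):
    """Yield one flat row per Issue, at whatever depth its Message sits."""
    for message in ET.fromstring(xml_text).iter("Message"):
        for issue in message.findall("Issue"):
            yield {"log": log_name,
                   "category": message.get("Category", ""),
                   "check_id": message.get("CheckId", ""),
                   "level": issue.get("Level", ""),
                   "file": issue.get("File", ""),   # absent for assembly-level issues
                   "line": issue.get("Line", ""),
                   "message": " ".join((issue.text or "").split())}

def aggregate(logs, category=None):
    """Merge all logs, optionally keep one category, sort by category/rule/file."""
    rows = [r for name, text in logs.items() for r in read_issues(name, text)]
    if category:
        rows = [r for r in rows if r["category"] == category]
    return sorted(rows, key=lambda r: (r["category"], r["check_id"], r["file"]))

def to_csv(rows):
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

if __name__ == "__main__":
    print(to_csv(aggregate(SAMPLE_LOGS)))
```

On a real build, replace SAMPLE_LOGS with a dictionary built by reading each project's log file from its output folder.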
