All our developers are using VS2010 professional so code analysis is not available. I want them to use FxCop to analyze the code before checking in. I have gone through the rules and disabled a bunch of them and added couple of them. I want all the developers to use same set of rules since it will be the rules used in MSBuild. How do I distribute the rule set to be used in FxCop? What files need to be distributed and where is it supposed to go to?
An alternative or a good complement to FxCop would be to use the commercial tool NDepend. With this tool one can write Code Rule over LINQ Queries (namely CQLinq). Disclaimer: I am one of the developers of the tool
More than 200 code rules are proposed by default, these include design, architecture, code quality, code evolution, naming conventions, dead code, .NET Fx usage...
CQLinq is dedicated to write code rules that can be verified live in Visual Studio, or that can be verified during build process and reported in an HTML/javascript report.
The strength of CQLinq over FxCop, is that it is straightforward to write/customize/share a code rule, and get immediately results. Facilities are proposed to browse matched code elements. Concretely this looks like that:
When using stand-alone FxCop, you can create an FxCop project file (with extension .fxcop) which contains the list rules that are to be used in the analysis. (Typically, the file will also include the list of target assemblies, although this is optional.) This file may be checked into source control with your code in order to distribute it to the developers working on the shared code base.
Related
I have discovered that our SQL statements are appearing in our compiled DLL files in our WinForms projects. What are some good methods of hiding these statements in the DLL files?
The term you are looking for is obfuscation and there are several commercial products that will do that, as well as some open source ones.
Bear in mind, that someone determined enough will be able to see the strings. That can be done through de-obfuscation techniques or by examining the strings at run time with a debugger like WinDbg.
Obfuscators should be used to protect intellectual property, at best. They should not be counted on for the security of your application. If you are hard coding credentials in your application, I would instead re-consider where they are getting stored or retrieved from. There is no "one-size" answer for that.
We are looking for quick basic decompiler. The program is very old, written in DOS now we wish to enhance that code in Windows with additional functionalities. Unfortunately the developer is not traceable and only hope is decompilation.
Please suggest the best way to achieve this challenge.
Thank you
[ By Dan in the QB forum on http://qbasicnews.com , May 04, 2003 ]
Here's Microsoft's response to that question:
Microsoft does not currently offer any product capable of "decompiling" an object (.OBJ) or executable (.EXE) file back to the original source code (.BAS). The following are several reasons for this:
No decompiler could exactly reproduce the original source code.
When a program is compiled to an object and linked to produce an executable, most of the "names" used in the original program are converted to addresses. This loss of names means that a decompiler would have to create unique names for all the variables, procedures, and labels, and these names would not be meaningful in the context of the program.
Obviously, source language syntax no longer exists in the compiled object file or executable. It would be very difficult for a decompiler to interpret the series of machine language instructions that exist in an object or executable file and decide what the original source language instruction was.
If such a decompiler did exist and was available, anyone could use it to decompile any executable program produced in the language the decompiler was designed for.
For instance, if a Microsoft BASIC decompiler existed, anyone with that decompiler could use it on an executable that you had produced and from that executable obtain a copy of your source code. The source code to any program you wrote in Microsoft BASIC would be available to anyone with the decompiler. Few developers of commercial software would want to use a language product that could be deciphered, thus allowing others to obtain their source code.
There's some talk from ex-microsoft programmers who swear there was one made for thier private use. I've also seen a Basic decompiler service on a web site which does provide some working BAS code from your exe, but it's a mess and not worth the money asked for the service (http://02c1289.netsolhost.com).
I can tell you as a BASIC software developer for nearly all of my career that this is not what you want. When it came time to "port" my accounting software from DOS BASIC to Visual BASIC having the source code and a complete understanding of the code, since it was my own code, did not help in the least. It may be an over-used expression, but DOS and Windows are apples and oranges. You cannot simply convert the code, you must redesign and code the system.
All you need to do that is what you already have - a working version of the compiled code. Use it's screens to design your databases and screens in Windows, then write the underlying code. The design of those two things is often half to 90% of the work anyway. Now it did help me to have my own source for things like "how did I calculate those taxes again?" I could copy the pure logic code from DOS to Windows with little or no change, but anything involving the database or user interface had to be completely redone.
If you're not up to it, look for someone who is.
Again, you do NOT need the source code unless there's some kind of secret algorithm that you need to duplicate and don't understand yourself.
I'm fairly new to programming and wanted to start programming more efficiently. Try as I may I often find myself straying from the MVC model.
I was wondering are there any tips or methods in keeping your code organized when coding in xcode objc? To be more specific (I know you guys like that :) I want to
Be able to write libraries or self-containing code that can bring from one project to another
Share my code with others as open sourced projects
Prevent myself from writing messy code that does not follow proper structure
Use a high warning level. Build cleanly.
Remove all static analyzer issues.
Write some unit tests.
Keep the public interfaces small.
Specify your library's dependencies (e.g. minimum SDK versions and dependent libraries).
Compile against multiple/supported OS versions regularly.
Learn to create and manage static library targets. This is all you should need to support and reuse the library in another project (unless you drag external resources into the picture, which becomes a pain).
No global state (e.g. singletons, global variables).
Be precise about support in multithreaded contexts (more commonly, that concurrency shall be the client's responsibility).
Document your public interface (maybe your private one too…).
Define a precise and uniform error model.
You can never have enough error detection.
Set very high standards -- Build them for reuse as reference implementations.
Determine the granularity of the libraries early on. These should be very small and focused.
Consider using C or C++ implementations for your backend/core libraries (that stuff can be stripped).
Do establish and specify any prefixes for your library's objc classes and categories. Use good prefixes too.
Minimize visible dependencies (e.g. don't #import tons of frameworks which could be hidden).
Be sure it compiles without the client needing to add additional #imports.
Don't rely on clients putting things in specific places, or that resources will have specific names.
Be very conservative about memory consumption and execution costs.
No leaks.
No zombies.
No slow blocking operations on the main thread.
Don't publish something until it's been well tested, and has been stable for some time. Bugs break clients' code, then they are less likely to reuse your library if it keeps breaking their program.
Study, use, and learn from good libraries.
Ask somebody (ideally, who's more experienced than you) to review your code.
Do use/exercise the libraries wherever appropriate in your projects.
Fix bugs before adding features.
Don't let that scare you -- it can be really fun, and you can learn a lot in the process.
There are a number of ways you can reuse code:
Store the code in a common directory and include that directory in your projects. Simple, but can have versioning issues.
Create a separate project which builds a static iOS library and then create a framework. More complex to setup because it involves scripting to build the framework directory structure. But easy to use in other projects and can handle versioning and device/simulator combined libs.
Create a separate project which builds a static iOS library and then include this as a subproject in other projects. Avoids having to build frameworks and the results can be more optimised.
That's the basic 3, there are of course a number of variations on these and how you go about them. A lot of what you decide to do is going to come down to who you are going to do this for. For example I like sub projects for my own code, but for code I want to make available for others, I think frameworks are better. even if they are more work to create. Plus I can then wrap them up with docsets of the api documentation and upload the whole lot as a DMG to github for others to download.
I wish to get a quick feeling for how much “copy and paste” coding we have, there are many tools for C# / Java to check for this type of thing. Are there any such tools that work well with VB.NET?
(I have seen what looks like lots of repeated code, but wish to get some number to help me make a case for sorting it out)
Update on progress.
I have just tried Simian.
It does not seem to be able to produce a nicely formatted report I can sent by email
It does not cope when the names of local variables, or parameters etc may have been changed, e.g it just matches on lines of text being the same.
Clone Doctor does not support VB.NET (only C# and VB 6 and lot of other)
October 2010: VB.net added to langauges supported by CloneDR
Clone Detective for Visual Studio only supports C#
SolidSDD - Source Code Duplication Detector only supports C, C++, C# and Java
DuplicateFinder is open source, but otherwise looks very match like Simian, e.g it just works on lines of text
ConQAT - Continuous Quality Assessment Toolkit seems to have a clone detector that works for VB.NET (not tried it yet)
Gendarme is a bit like FXCop and has a AvoidCodeDuplicatedInSameClassRule rule, this looks very promising, as it avoids the problem of working at the text level. Just tried it, it is the best solution so far, pity it does not search with a greater scope.
Before claiming that this question is a duplicate, please check that the other question addresses VB.NET, as a lot of tools that work well for C# don't work so well for VB.NET. (However it would not surprise me if this question is a real duplicate)
CodeRush 11.2 introduced a new feature called Duplicate Detection and Consolidation (DDC)
http://community.devexpress.com/blogs/markmiller/archive/2011/11/29/duplicate-detection-and-consolidation-in-coderush-for-visual-studio.aspx
Make sure to check out the options for it as well, as you can have it run when so many lines are changed, certainly time has passed, etc.
They've posted some decent videos on the DevExpress site too.
Simian: http://www.redhillconsulting.com.au/products/simian/
[I'm the author of CloneDR ("Clone Doctor").]
CloneDR is parameterized by a full grammar for the programming language in question. So it doesn't just match lines. Rather, it can find clones which are syntactically well-formed, with variations that are more than just identifier changes, regardless of where they stop or start in a line.
The engine on which CloneDR rests, The DMS Software Reengineering Toolkit" is a tool for analyzing large scale systems in any programming language, and uses language descriptions to drive the analysis. DMS has a wide variety of language front ends already available.
Presently it has VBScript and VB6 (as dialects of "Visual Basic"). It doesn't have VB.net, but that would be pretty straightforward to do given the DMS infrastructure and our experience with lots of other languages.
So, CloneDR could do this just fine, with a small bit of effort on our part.
EDIT October 2010: VB.net added as a language CloneDR can process.
Atomiq supports vb.net amongst other languages, and the results are nicely presented.
JetBrains published console tool set Resharper Console Tools to run duplication analysis. Once installed it allows you to do the same analysis as TeamCity does and generate duplicates report locally and even include duplicates search into custom build process with MSBuild. This tool does exactly what you need. More details you can find here at JetBrains blog post
Try Simian:
Simian (Similarity Analyser) identifies duplication in Java, C#, C, C++, COBOL, Ruby, JSP, ASP, HTML, XML, Visual Basic, Groovy source code and even plain text files.
I once saw an impressive demo of Pattern Insight; its CP Miner may be what you’re looking for: http://patterninsight.com/products/cp-miner.php. It seems to be language-independent, though I couldn’t find anything explicit about languages other than C/C++.
Roll up your sleeves and write your own parser to use it with CPD?
See the question for the tools I found.
see also VB.NET Static Code Anaylsis
For better or for worst we now have a VB.NET coding standards document that is based on a C# coding standard as enforced by StyleCop.
For example
the number of spaces you should put in each side of a “+” sign etc
all instance Members (fields and methods!) must be access as “me.fieldName”
all shared members must be accessed as “className.fieldName”
As I tend to think:
If it’s in a requirements document it
should be check for by an automatic
system
I am looking for (ideally free) tools that will check for that short of rules on VB.NET code, as these are style issues that don’t make it into the compiled output, FxCop is not useful.
(I would personally match rather that we just check for important things like duplicated code and single reasonability for each class (so no more multi thousand line classes!), but as I need to keep to the coding standard document I wish to have a tool to help me do so.)
see also Enforcing using the class name whenever a shared member is accessed.
About the bounty.
I am looking for a list of VB.NET code checking tools, with a short summery of what each tool can do and its limitations. If the tools are not free, please include some ideal of cost.
Does anyone have experience using CodeRush/Refactor! or ReSharper with VB.NET to check for this type of coding style issues?
I know of no free source code analysis tools with good VB support. There are, however, at least two commercial tools that may be suitable:
submain CodeIt.Right
SSW Code Auditor
Personally, I prefer the CodeIt.Right rule authoring mechanism, so I would favour it if considerable custom rule development were planned. However, if you just want to use out-of-the box rules, Code Auditor ships with quite a few more code style rules than CodeIt.Right, most of whose built-in rules target the compiled IL (like FxCop).
The only ones I know of are:
Microsoft's FxCop
Of course, this only operates on compiled assemblies, so doesn't give the same functionality as StyleCop, and certainly won't help with things like naming schemes.
However, the closest thing is:
Aivosto's Project Analyzer v9.0 for Visual Basic, VB.NET and VBA
The full version is not free, but this is the closest thing to StyleCop for VB.NET that I can find.
There have been a number of calls for a VB.NET version of Microsoft's StyleCop, such as those in this thread on the code.msdn.microsoft.com site. That same thread also gives some good insight into why a VB.NET version doesn't exist.
I use ReSharper on a daily basis and I find it fine for both code formatting and for solving naming issues. It allows to configure how naming must be enforced, how issues are displayed (hint, suggestion, warning, etc) and provides a precise code formatter (space, paranthesis, line breaks, this qualifier, etc).
Note that I don't know if it can be run in batch mode.
Turning Option Explicit on by default is always a great idea and should be standard practice. I would argue it should be turned on by default in VS out of the box. But it doesn't come close to enforcing the out of the box rules that StyleCop does for C#, nor does it allow for you to create your own rules.
The whole reason for StyleCop's existence is because FxCop only works on compiled assemblies, leaving web projects out in the cold for a similar tool. With StyleCop, web developers get the same great rule enforcement and tight VS integration. It is a great tool for any C# developer.
It is unfortunate that it is only C# capable, a VB version would satisfy a large community that is left wanting something similar.
There already is a very good style tool built into the VB compiler. It is called Option Explicit On, put it at the top of the source code file or use Tools + Options + Project and Solutions + VB Defaults, Option Explicit = On. If that wasn't turned on previously there could be a mountain of errors when you compile your code after changing that.
If it is clean or already turned on, consider that you are 95% close to writing clean C# code and that the language doesn't really matter anymore.