Whidbey FxCop 1.32 ignores certain methods ?
Guy
[409 byte] By [GuySmith-Ferrier] at [2008-2-5] 
«« OLE Db Destination task in ASYNC_NETWORK_IO wait state
»» get width of windows user control in inches
»» get width of windows user control in inches
An excellent question. As you're probably well aware, FxCop generates a lot of noise against ASP.NET apps. FxCop is a reusable library checker and there are many patterns that simply don't need to be applied to web apps: they aren't exposed as helper libraries to other apps.
In order to restrict FxCop analysis to the most directed result set for Whidbey (v2.0 of the framework), we've created a new GeneratedCodeAttribute (that lives in system.dll) which is used by v2.0 codegen tools, such as the ASP.NET compiler.
There's also another wrinkle: the ASP.NET compiler emits quite a bit of code that doesn't map to user source. There's no point firing messages against these constructs, as they can't be fixed. So, when analyzing a binary that's marked as having been emitted by the v2.0 ASP.NET compiler, FxCop checks the PDB to see if there's source information for the method under analysis. If there isn't, we can't be user the method maps to user code, and it won't be analyzed. Constructors are currently exempt from this heuristic, as the compiler emits a constructor (not present in the PDB) that indirectly maps to user code. If you initialize a field inline, for example, you'll get a generated constructor.
What this means is that you must have valid pdbs alongside your web app binaries in order to get a complete analysis.
Michael Fanning
VSTS Team System: Code Analysis
MichaelFanning-MS at 2007-9-9 >
Michael,
Ok, thanks for the explanation. However, it sounds as if FxCop is specifically stopping me from doing what I want to do and that there is no workaround. I would like to have a way of telling FxCop to analyze an assembly regardless of the presence of a PDB file or the GeneratedCodeAttribute. I have written a number of FxCop rules which analyze ASP.NET's generated assemblies. These rules check for globalization mistakes in the aspx file. Obviously the aspx file is turned into IL and included in an assembly and this allows me to analyze it with FxCop in the .NET Framework 1.1. aspx files are obviously source code and they are something that the developer does have under their control so I feel that these rules are justifiable.
Is there a workaround ? If not, can you add a solution to the next release ?
Thanks.
Guy
GuySmith-Ferrier at 2007-9-9 >
There is a workaround, generate a valid PDB for the asp.net binaries. Everything should work in this case, and the cost of doing so isn't prohibitive.
Will that solution not work for you?
Michael
MichaelFanning-MS at 2007-9-9 >
Michael,
> There is a workaround, generate a valid PDB for the asp.net binaries
This doesn't work for me but it could be something that I'm doing wrong. I am compiling my ASP.NET application using the following command:-
aspnet_compiler -v /FxCopWebsite1 c:\FxCopWebSite1\Precompiled -d
This generates a PDB for my assembly (App_Web_jqjw9hh8.dll) but my rule does not get fired for any of the methods which I am interested in e.g. Default_aspx.__BuildControlButton1().
Are you saying that with a PDB present this should work ?
Guy
GuySmith-Ferrier at 2007-9-9 >
Yes, it should. There could be an issue w/our pdb reading here. You're sure that you have source lookups enabled in your project? Select Project/Options from the GUI menu, and make sure 'Attempt source file lookups' is enabled.
Can you set and hit a breakpoint in __BuildControlButton1() while debugging?
If both conditions above are true, zip up your temporary assembly and its corresponding pdb and send them to me here. MikeFan at microsoft dot com. I'll take a look. There could very well be an issue we need to look at.
Michael
MichaelFanning-MS at 2007-9-9 >
Guy, I received your zip, thanks for sending it. I will take a look at it tomorrow. One other thing I neglected to mention: in order to read v2.0 pdbs, you must be running the Whidbey version of FxCop. Forward-binding analysis from the v1.1 version of FxCop won't work. The reason is that in v1.1, the native file supporting PDB reading (diasymreader.dll) is loaded directly into any managed process and can't be unloaded subsequently in favor of a version that understands the most recent pdb format.
If you've been running v1.1 FxCop, try downloading the v2.0 version from www.gotdotnet.com and giving it a try.
Michael
MichaelFanning-MS at 2007-9-9 >
Michael,
I don't think that is the problem - I made sure that I was using the Whidbey FxCop 1.32 (and I recompiled my custom rule library). However, my test was on the June 2005 CTP and not Beta 2 - I assumed that this would not make a difference.
Guy
GuySmith-Ferrier at 2007-9-9 >
Sorry for the delay in replying to this. Your sample is behaving as expected. We don't analyze any types for asp.net binaries except those that constitute user-provided code-behind. The example you were looking for is code that's rendered in the higher-level mark-up language that FxCop doesn't examine.
We could consider providing a mechanism for custom rules that run against asp.net apps to receive absolutely all calls. I'll talk to the team about this. Probably, we'd want to expand the rule metadata in order to help describe this.
Michael
MichaelFanning-MS at 2007-9-9 >
Michael,
Ok, so that I understand then I think you are saying that:-
(1) FxCop ignores all methods or classes which have been marked with the GeneratedCodeAttribute
(2) The presence or absence of a PDB file makes no difference to FxCop's interpretation of the GeneratedCodeAttribute
(3) There is currently no workaround
In your original explanation you said "the ASP.NET compiler emits quite a bit of code that doesn't map to user source. There's no point firing messages against these constructs, as they can't be fixed".
I this that there is an important distinction which is being overlooked here: the generated code *does* map onto source - the distinction is that the source is an .aspx file and not a .cs file. The result, however, is that I *can* change the source (i.e. the .aspx) to fix the generated code and therefore it is valid to analyze this code.
Clearly I would like to request that you lift this restriction.
Thanks.
Guy
GuySmith-Ferrier at 2007-9-9 >
I have a couple of corrections to offer:
1) FxCop does not universally ignore items marked w/GeneratedCode. FxCop does notice when a binary is marked as compiled by asp.net (via GeneratedCodeAttribute). In this case, special filtering kicks in.
2) This filtering depends on the presence of valid pdbs. If FxCop detects that a method body contains executable code that is referred to in a pdb, it will analyze that method, otherwise it will not.
The idea here is not to analyze any item that somehow relates to a construct that might be edited by a developer. The goal is to only analyze items that map to reusable API (FxCop is, of course, an API checker).
In the future, we might develop rules that are relevant for web apps, in which case we'll need to revisit our current model. As mentioned in my last post, we should also consider allowing rules to indicate they would like to be called for any ASP.NET construct whatsoever. As you noted, there's currently no way around our current heuristics.
Michael
MichaelFanning-MS at 2007-9-9 >
Michael,
Sorry to be slow here but I don't know how to resolve what you are saying.
MikeFan> FxCop does not universally ignore items marked w/GeneratedCode. FxCop does notice when a binary is marked as compiled by asp.net (via GeneratedCodeAttribute). In this case, special filtering kicks in
Are you saying that FxCop looks for both the presence of the GeneratedCodeAttribute and also some other criteria which is built into FxCop (such as the naming convention of methods which are auto-generated) ?
MikeFan> This filtering depends on the presence of valid pdbs. If FxCop detects that a method body contains executable code that is referred to in a pdb, it will analyze that method, otherwise it will not So I remain uncertain as to why the generated assembly from the code I sent you didn't get analyzed. The generated assembly had a valid PDB in my tests. Thanks for your patience. Guy
GuySmith-Ferrier at 2007-9-9 >
I'm not being very clear here, sorry. Let me try again:
In Whidbey, the asp.net compiler marks all generated binaries with the GeneratedCodeAttribute. The ASP.NET compiler name is emitted as a property pf the attribute. When FxCop notices that it is analyzing an ASP.NET binary, it will check for valid PDB information for every method before analyzing it. If there is no PDB, or if the method is compiler-emitted and doesn't map to a user-provided source file (ie, its location does not exist in the PDB), it will not be analyzed. The ASP.NET compiler will not emit PDB information for many methods that result from the higher-level markup provided in aspx files.
If a method is analyzed, many FxCop rules have been modified not to fire if the declaring module has been emitted by the asp.net compiler. Many API usability rules fall into this category, since asp.net assemblies do not constitute a reusable API.
You provided a valid PDB file in your example, but there weren't any code-behind classes available for analysis.
Michael
MichaelFanning-MS at 2007-9-9 >
Michael,
Thanks for the clarification. One more question then:-
You said "The ASP.NET compiler will not emit PDB information for many methods that result from the higher-level markup provided in aspx files.". Does this mean that even if FxCop is modified to allow the GeneratedCodeAttribute to be ignored that it wouldn't make any difference because the PDB information is missing ?
I have 5 or 6 rules which I feel make a valid case for analyzing generated code (specifically, analyzing aspx files and their relationship with their associated resources). I would be disappointed if it will never be possible to use these rules in .NET 2.0.
Thanks.
Guy
GuySmith-Ferrier at 2007-9-9 >
We can change FxCop so that it always calls your rule for these methods. The only implication for your analysis results would be that no source file and line information would ever appear, since the asp.net compiler is not emitting it to the pdb.
Michael
MichaelFanning-MS at 2007-9-9 >
Visual Studio Team System Hot Topic
- Project creation fails
- Bug in FxCop 1.32 displaying an FxCop custom rule error
- Problem getting performance sessions from unit tests
- Error HTTP 403 - Forbidden access when browsing to VSTFWeb
- Web tests resulting in Internal Server error due to Invalid ViewState
- Any document about extensibility of profile, coverage and so on?
- CA1002 - DontExposeGenericLists
- Recommend moving to team system now?
Visual Studio Team System New Topic
- Column Headers of Show Fields table in 'Detailed Description and History' tab should be in bol
- Resources: Team Edition for Software Architects
- Resources: Team Edition for Software Developers
- Reources: Team Edition for Software Testers
- Resources: Microsoft Solutions Framework (MSF) in Team System
- Resources: Team Development & Collaboration with Team System
- Resources: Overview of Visual Studio Team System (VSTS)
- MSF for CMMI(r) Process Improvement Beta Now Available
Visual Studio Team System
- Visual Studio Team System - General
- Visual Studio Team System - Architecture & Design
- Visual Studio Performance Tools (Profiler)
- Visual Studio Application Verifier
- Visual Studio Code Analysis and Code Metrics
- Visual Studio Team System - Testing
- Visual Studio Team System - Web and Load Testing
- Visual Studio Team System - Database Professionals
- Visual Studio Team System - Microsoft Solutions Framework (MSF)
- Team Foundation Server - General
- Team Foundation Server - Setup
- Team Foundation Server - Administration
- Team Foundation Server - Build Automation
- Team Foundation Server – Power Tools & Add-ons
- Team Foundation Server - Process Templates
- Team Foundation Server - Reporting & Warehouse
- Team Foundation Server - Team System Web Access
- Team Foundation Server - Version Control
- Team Foundation Server - Work Item Tracking
Java / MSDN / Linux Tech / PHP Tech / MSDN DotNet / MSDN TECH / Health Library / Programmers Tech / visual basic Tech / Developer Tech / Ipod faqs / Msdn China Tech
Site Classified
- SQL Server
- Windows Forms
- .NET Development
- Visual Basic
- Visual Studio
- Visual Studio Team System
- Visual Studio Orcas
- Visual Studio Express Editions
- Software Development for Windows Vista
- Visual C#
- Visual C++
- Smart Device Development
- SharePoint Products and Technologies
- Feedback for forums and MSDN websites
- Game Technologies: DirectX, XNA, XACT, etc.
- Visual Studio Tools for Office
- Windows Live Developer Forums
- Microsoft ISV Community Center Forums
- Internet Explorer Development
- Visual FoxPro
- Windows Search Technologies
- Audio and Video Development
- Architecture
- Commerce Server
- Gadgets
- Microsoft Robotics Studio
- Community Chat
- BizTalk Server
- Visual J#
- Windows Networking Development
- Silverlight (formerly WPF/E)
- Popfly
- SQL Server Katmai
- Connected Services Framework
- Office Live Development
- Customer Care Framework
- Incubation Technologies
- Software Engineering Discussion
- System Center
- Software Licensing and Protection Services
- Visual Studio Rosario
- Small Business Application Development
- Office
- Windows Server 2008
- JScript
- Storage Platform – Core
- Misc