By Michael Flanakin @ 3:27 PM :: 196 Views :: 2 Comments :: Visual Studio, (Open), (Unreported) :: Digg it!

I've said it before and I'll say it again: code analysis should be a standard practice on all projects... well, I'll make an exception for throw-away demos. There are times, tho, when you just don't want to deal with the errors. For instance, if you are using an open source library, you'll most likely want to keep that code with yours; however, in most cases, you won't go thru and change it to apply the same standards you do on your own project. Because of this, it would be very nice to have the ability to suppress all code analysis messages or simply a category. Either way would be great. Currently, you can suppress a message for an assembly, class, or class member -- there's even a way to get a little deeper than class member, but that's where the suppression is documented. I'd like to see the SuppressMessage() and SuppressMessage(category). Obviously, these would suppress all messages or those in a specified category. This came up when a co-worker was checking in Enterprise Library code into the repository.

A recent VSTS chat talked about some added features in this area. While not quite what I'm looking for, at least it's good to see some enhancements. Here's the question and corresponding answer from David Kean...

Q: I'm trying to push for the use of TFS and the use of Code Analysis on projects from day one, but I have a lot of violations from WebService proxies even though they are marked with the GeneratedCode attribute. What can I do, short of hand-modifying them?

A: Mel, to suppress these warnings currently in Visual Studio 2005 you would need to manually generate a suppression that is applied at the module level (ie [module: SuppressMessage(...)]. For the format of the suppress message, see the following topic on MSDN: http://msdn2.microsoft.com/en-us/library/ms244717(vs.80).aspx. I know that this is not ideal and we will be addressing this in Visual Studio Orcas two ways - 1) We have added a checkbox to the Code Analysis tab that allows you to automatically ignore violations that are fired on generated code. This is enabled by default. 2) If you want to have more control over this what violations actually get suppressed, we have also added another menu item when you right-click on a warning that allows you to explicitly suppress a warning as a module suppression in GlobalSuppressions.cs. This saves you from having hand-code these and also prevents these suppressions from being blown away the next time the WebService (or any other generated code) gets regenerated.

Perhaps I spoke too soon. It seems as tho the VS code analysis (CA) team has looked at all-up class supressions...

Q: Okay, I can manually add global suppressions to tell fxcop to shut up about specific errors in the generated classes, but is there a way to suppress ALL code analysis for an individual class?

A: No this is not currently possible. Although, may seem like a great feature, this can actually have unexpected consequences. For example, what happens if this class ships with a known security bug? We felt that the better model would be to explicitly suppress a warning - which will not only ensure that you've looked at it, but also gives an indication to other developers working on your team that you've done this. There also is the problem of interaction with Code Analysis policy. If an administrator has enabled this, how do they enforce that users do not explicitly turn of Code Analysis for all their classes? Although in saying that, this is something that we have thought about a lot and although we will not be providing anything for Orcas, we will be looking at solving these issues and others sometime in the future.

While I completely understand (and expected) David Kean's response, part of me still wants to have the capability. There are some things you just don't want to deal with CA for, yet you'd like to have it as a policy for your solution.