NDepend and static code analysis for .NET

Recently, I’ve been spending time analyzing code from a project I’m working on using NDepend 2.6. NDepend is described as…

…a static analyzer that simplifies managing complex .NET code bases.

It digs deep into your code providing an incredible level of detail. Should you decide to take a look at NDepend be sure to give yourself several hours to spelunk as there’s tons to dive into. For starters here is a screenshot of what you can expect when you load a project:

NDepend Static Code Analysis Tool

In this image the mouse (not pictured) is hovering over an assembly name in the Dependencies pane, in the center of this image. Simultaneously the assembly region is is highlighted in the Metrics pane, in the top right.

Querying your code

While I’m still very new to this tool and digging away the thing that’s really caught my attention is CQL. Here’s a closer look at the CQL Query pane:

NDepend CQL Queries Pane

CQL stands for Code Query Language and it’s exactly what it sounds like, SQL for code, the heart of NDepend. In fact, you can check out the CQL v1.5 spec. In the above image, the queries you see are provided by default when you load a new project. On the left is a list of query groups which is a one to many with the queries listed on the right. In the image at the top I’ve selected a query titled “Methods too big” which equates to this in CQL:

// <Name>Methods too big (NbLinesOfCode)</Name>
WARN IF Count > 0 IN SELECT TOP 10 METHODS WHERE NbLinesOfCode > 30 ORDER BY NbLinesOfCode DESC
// METHODS WHERE NbLinesOfCode > 30 are extremely complex and
// should be split in smaller methods
// (except if they are automatically generated by a tool).
// See the definition of the NbLinesOfCode metric here http://www.ndepend.com/Metrics.aspx#NbLinesOfCode

Notice the blue highlights on the Metrics pane, again the one with the gray sphere’s, which represent methods from the query result set. Double clicking any of the sphere’s opens that method in VS.NET, very nice. Btw, NDepend includes copy/paste syntax highlighting of CQL queries, also a nice touch.

NDepend CQL Intellisense

Clearly, CQL is incredibly powerful and the engine that drives the code analysis used in NDepend. I think it’s a very natural approach for .NET developers and if you’ve worked with SQL at all you’ll find picking up CQL straightforward. Although, NDepend does go one step further by providing CQL Intellisense making it easier to get started with the new query language.

While the Intellisense support is nice it would be even better if it listed things like assemblies, namespaces and types (among others) where appropriate rather than just listing “assembly” or “type”.

Continuous Integration Support

If you’ve followed my blog you know I’ve written quite a bit about CruiseControl.NET which NDepend integrates nicely with. Included is a command line tool which will generate your NDepend output for integration with your build results. Here is a short screencast available with more details so I’ll leave it at that.

Conclusion

I’ve already spent numerous hours exploring my code and playing with CQL and I still just scratching the surface. I’ve also managed to find and fix a number of issues and improve and optimize my code. The NDepend website has lots of screencasts on how to accomplish various tasks using NDepend and be sure to read Patrick’s blog for lots more information on NDepend.

What do you use for static code analysis?

In the interest of full disclosure, I was provided a copy of NDepend v2.6.3 for review with no strings attached for which I’d like to thank NDepend’s developer Patrick Smacchia for the license and providing such a great tool to the .NET community!

4 thoughts on “NDepend and static code analysis for .NET

  1. It was sad that Borland gave up Together for VS and CodeGear gave up Together for C# in RAD Studio. I will remember the sweet times that Together helped me locate design faults inside source code in a higher level by providing me Audits and Metrics reports.
    And it is luckily to have FxCop and NDepend out there still for C# (and other .NET languages) so I can continue metrics on my code base. Patrick is so generous by providing Open Source edition of NDepend free of charge.

  2. Sorry that I might use a wrong term. There is no open source edition but open source license for a lite edition of NDepend which is also valid for Academic and Trial.

  3. Stefan,
    If there is I’ve never seen it. .NET being managed lends itself to this sort of code analysis whereas Delphi executables being Intel assembler do not. That said, AutomatedQA ships AQTime which provides impressive profiling for Win32 applications. That’s probably about as close as you’re going to get. Now that I’m in the .NET world full time it’s eye opening to see the number of tools there are for analysis, testing, code coverage etc. When I was in Las Vegas at DevConnections there were some impressive tools there for the .NET framework.

Comments are closed.