Microsoft Pushes Secure, Quality Code

 
 
By Darryl K. Taft  |  Posted 2007-10-05
 
 
 

Microsoft is continuing its thrust to help developers write more secure and better quality code.

The Redmond, Wash., software company is putting new code analysis features into the next version of its development tools suite, Visual Studio 2008.

In Visual Studio 2005, the company integrated a couple of static analysis tools—FxCop and PREfast into the tools suite under the names Managed Code Analysis and C/C++ Code Analysis, said S. "Soma" Somasegar, corporate vice president of Microsofts developer division, in a blog post Oct. 4.

Now for Visual Studio 2008, Microsofts code analysis team is adding some new features, including Code Metrics, a new tool window "that allows you to not only get an overall view of the health [code-wise] of your application, but also gives you the ability to dig deep to find those unmaintainable and complex hotspots," Somasegar said.

For Visual Studio 2008, Code Metrics will ship with five metrics: Cyclomatic Complexity, Depth of Inheritance, Class Coupling, Lines of Code and Maintainability Index, he said.

Other new features include Code Analysis Policy improvements, which provide the ability to ensure that code analysis is run before every check-in. The Microsoft team also made some usability improvements, including better guidance and providing more control over how settings are applied from the policy to projects, Somasegar said.

According to Somasegars blog, Visual Studio 2008s code analysis capabilities will also feature new analysis improvements, such as: support for analyzing anonymous methods and lambda expressions; reduced noise in existing analysis and the ability to skip over tool generated code; new analysis, including additional rules around security, globalization, maintainability and spelling (including custom dictionary support); better support for C++/CLI and the Compact Framework; and performance improvements that cut analysis time over managed code by two times, and use half as much memory than in Visual Studio 2005.

The new tool set also has feature enhanced suppression support, he said.

"Code Analysis supports suppressing an instance of a warning by right clicking on it in the Error List and choosing Suppress Message," Somasegar said. "This support has been extended for Visual Studio 2008, giving more control over whether a suppression is applied in-source or in a separate project suppression file. The underlying suppression format has also changed to support generic methods, C++ boxed value types and special type modifiers."

Microsoft has set the official launch for Visual Studio 2008—along with Windows Server 2008 and SQL Server 2008—for Feb. 27, 2008, in Los Angeles. However, the Visual Studio 2008 code is expected to release to manufacturing later this year.

Check out eWEEK.coms for the latest news, reviews and analysis in programming environments and developer tools.

Rocket Fuel