An analyzer library for C# and VB that uses Roslyn to produce refactorings, code analysis, and other niceties.
Check the official project site on code-cracker.github.io. There you will find information on how to contribute, our task board, definition of done, definition of ready, etc.
This is a community project, free and open source. Everyone is invited to contribute, fork, share and use the code. No money shall be charged by this software, nor it will be. Ever.
The list of features is documented here: http://code-cracker.github.io/diagnostics.html
Code | Analyzer | Severity | Description |
---|---|---|---|
CC0003 | CatchEmptyAnalyzer | Warning | Catch statements with no Exception as an argument is not recommended. Consider adding an Exception class to the catch statement. |
CC0004 | EmptyCatchBlockAnalyzer | Warning | An empty catch block suppress all errors and shouldn’t be used. If the error is expected consider logging it or changing the control flow such that it is explicit. |
CC0016 | CopyEventToVariableBeforeFireAnalyzer | Warning | Events should always be checked for null before being invoked. As in a multi-threading context it is possible for an event to be unsuscribed between the moment where it is checked to be non-null and the moment it is raised, the event must be copied to a temporary variable before the check. |
CC0021 | NameOfAnalyzer | Warning | In C#6 the nameof() operator should be used to specify the name of a program element instead of a string literal as it produce code that is easier to refactor. |
CC0024 | StaticConstructorExceptionAnalyzer | Warning | Static constructor are called before the first time a class is used but the caller doesn’t control when exactly. Exception thrown in this context force callers to use ‘try’ block around any useage of the class and should be avoided. |
CC0031 | UseInvokeMethodToFireEventAnalyzer | Warning | In C#6 a delegate can be invoked using the null-propagating operator (?.) and it’s invoke method to avoid throwing a NullReference exception when there is no method attached to the delegate. |
You may use CodeCracker in two ways: as an analyzer library that you install with Nuget into your project or as a Visual Studio extension. The way you want to use it depends on the scenario you are working on. You most likely want the Nuget package.
If you want the analyzers to work during your build, and generate warnings and errors during the build, also on build servers, then you want to use the Nuget package. The package is available on nuget (C#, VB). If you want to be able to configure which analyzers are being used in your project, and which ones you will ignore, and commit those changes to source control and share with your team, then you also want the Nuget package.
To install from Nuget, for the C# version:
Install-Package CodeCracker.CSharp
Or for the Visual Basic version:
Install-Package CodeCracker.VisualBasic
Or use the Package Manager in Visual Studio.
There is also a version for both named CodeCracker
only, but it makes not sense to get it, you should search for the C# or VB version.
If you want the alpha builds that build on each push to the repo, add https://www.myget.org/F/codecrackerbuild/ to your nuget feed. We only push complete releases to Nuget.org, and commit builds go to Myget.org.
If you want global analyzers that will work on every project you open in Visual Studio, then you want the Extension. Grab the extension at the Visual Studio Extensions Gallery (C#, VB).
To build from source:
git clone https://github.com/code-cracker/code-cracker.git
cd CodeCracker
msbuild
Then add a reference to CodeCracker.dll from within the Analyzers node inside References, in Visual Studio.
TL;DR: If you want to use CodeCracker in all your projects, install the Visual Studio extension (C#, VB). If you want to use CodeCracker for just one project, install the Nuget package as described above.
CodeCracker has a SonarQube Plugin that can be downloaded at Plugins HomePage.
The main supported IDE for development is Visual Studio 2017. We do not support VS 2015 anymore.
Questions, comments, bug reports, and pull requests are all welcome.
Bug reports that include steps-to-reproduce (including code) are
preferred. Even better, make them in the form of pull requests.
Before you start to work on an existing issue, check if it is not assigned
to anyone yet, and if it is, talk to that person.
Also check the project board
and verify it is not being worked on (it will be tagged with the Working
tag).
If it is not being worked on, before you start check if the item is Ready
.
If the issue has the Working
tag (working swimlane on Huboard) and has no Assignee
then it is not being worked on by somebody on the core team. Check the issue's
description to find out who it is (if it is not there it has to be on the comments).
We are adding people that want to contribute to the Contributors
team so we can
always assign them to the issues, so during your first contribution you probably will
be assigned to this team.
The easiest way to start is looking into the issues that are up for grabs. You may ask to work on any of them, read below to see how. You can also triage issues which may include reproducing bug reports, or asking for vital information such as version numbers or reproduction instructions. If you would like to start triaging issues, one easy way to get started is to subscribe to code-cracker on CodeTriage.
If you are just starting with Roslyn, want to contribute, and feel you are not yet ready to start working on full analyzers or code fixes, you can start helping with areas that are less demanding. We have identified a few:
-
Fixing bugs
Still demands knowledge of Roslyn internals but it is easier than coming up with a full analyzer or code fix. Look for the bugs that are up for grabs.
-
Documentation
We are documenting all analyzers on the CodeCracker user site. There are lots of analyzers and code fixes to document.
-
Localization/Translation
We are starting to translate the analyzers and code fixes messages to other languages. If you want CodeCracker on your language feel free to create an issue and start working on it. If you want to help with an ongoing translation, comment on the existing issue and say you are ready to help. We also need to update existing analyzers, which were not created ready for localization.
- The task board is at Huboard.
- You can also check the Github backlog directly.
An item should only have its work started after the backlog item is ready. We have defined ready as:
- Have most of the scenarios/test cases defined on the issue on Github
- If it has an analyzer then
- The warning level of the analyzer must be in the issue's description (
Hidden
,Information
,Warning
, orError
) - The diagnostics it provides should already have numeric ids defined formated as
CC0000
. - If it has a code fix then the category should be in the issue's description. The supported categories are listed on the
SupportedCategories.cs
file. - Have some of the maintainers verify it (cannot be the same one who wrote the issue and/or test cases)
The first one is important so we have clearly defined what we will build. The last one is important so we don't go on building something that will not be usable, will hurt users, or will be a waste of effort.
View examples at issues #7 and #10.
These are the 4 severity levels supported on Roslyn and how they are understood on the Code Cracker project:
- Hidden: Only used for refactorings. See #66 (and its comments) to understand why.
- Info: An alternative way (ex: replacing for with foreach). Clearly a matter of opinion and/or current way could be correct, or maybe the new code could be correct. We cannot determine.
- Warning: Code that could/should be improved. It is a code smell and most likely is wrong, but there are situations where the pattern is acceptable or desired.
- Error: Clearly a mistake (ex: throwing ArgumentException with an non-existent parameter). There is no situation where this code could be correct. There are no differences of opinion.
You can read directly on Microsoft's source code how they interpret these levels.
The DoD is still evolving. At the present time the checklist is as follows:
- Builds
- Has tests for analyzers, code fixes (including fix all providers) and refactoring
- All tests pass
- Analyzers follow the guidelines for names
- Always named
<featurename>Analyzer
- Always add the diagnostic id to the
DiagnosticIds.cs
file. - Code fixes should follow the guidelines for names
- Always named
<featurename>CodeFixProvider
- Always use the same diagnostic id added to the
DiagnosticIds.cs
file, unless you are writing a code fix for a diagnostic id raised by the C# compiler itself (staring withCS
). - Fix all scenarios (fix all in document, fix all in project and fix all in solution) work. You might need to write a
FixAllProvider
. Check theDisposableVariableNotDisposedFixAllProvider
as an example. - Follow the coding standards present on the project code files.
- Works in Visual Studio
- Uses localizable strings
Once it is Ready and agreed on by any one from the core team, just state in a comment that you intend to start working on that item and mention any/all the maintainers (use @code-cracker/owners) so they can tag it correctly and move it on the board.
If you are not familiar with the way Github works you might want to check the Github guides, specially the Github flow one. The GitHub for the Roslyn Team video might help you as well, and it also explains some Git concepts.
To start working fork the project on Github to your own account and clone it from there. Don't clone
from the main CodeCracker repository. Before you start coding create a new branch and name it in a way that makes
sense for the issue that you will be working on. Don't work on the master
branch because that may make
things harder if you have to update your pull request or your repository later, assume your master
branch
is always equals the main repo master
branch, and code on a different branch.
When you commit, mention the issue number use the pound sign (#). Avoid making a lot of small commits unless they are meaningful. For most analyzers and code fixes a single commit should be enough. If you prefer to work with a lot commits at the end squash them.
Make your first commit lines mean something, specially the first one. Here and here are some tips on a good commit first line/message.
Do not, under any circumstance, reformat the code to fit your standards. Follow the project standards, and if you do not agree with them discuss them openly with the Code Cracker community. Also, avoid end of line white spaces at all costs. Keep your code clean.
Always write unit tests for your analyzers, code fixes, fix all providers and analyzers.
When you are done, pull the changes from the master
branch on the main CodeCracker repo and integrate them.
You have to do that in the command line:
# add the main repo with the `codecracker` name
git remote add code-cracker https://github.com/code-cracker/code-cracker.git
# checkout the master branch
git checkout master
# download the latest changes from the master repo
git pull code-cracker master
# go back to your working branch
git checkout <youbranchname>
# integrate your changes
git merge master
# solve integration conflicts
You can solve the conflicts in your favorite text editor, or, if you are using Visual Studio, you can use it as well.
Visual Studio actually presents the conflict in a very nice way to solve them.
Also, on the go back to your working branch
step you can go back to using Visual Studio to control git, if you
prefer that.
If you know git well, you can rebase your changes instead of merging them. If not, it is ok to merge them.
When your changes are up to date with the
master
branch then you should push them to your Github repo and then you will be able to issue
a pull request and
mention the issue you were working on. Make your PR message clear. If when you are creating the pull request on
Github it mentions that the PR cannot be merged because there are conflicts it means you forgot to integrate
the master
branch. Correct that push the changes to your personal repo. This will automatically update the PR.
The project maintainers should not have to resolve merge conflicts, you should.
After your pull request is accepted you may delete your local branch if you want. Update your master
branch
so you can continue to contribute in the future. And thank you! :)
If your pull request is denied try to understand why. It is not uncommon that PRs are denied but after some discussing and fixing they are accepted. Work with the community to get it to be the best possible code. And thank you!
- Every pull request must have unit tests. PRs without tests will be denied without checking anything else.
- Must build and all tests must pass
- Must mention an existing issue on Github
- Don't reformat any code but the one you produced
- Follow the coding standards already in place within the project
- One code issue per person at a time (blocked issues don't count)
- Your pull requested will be commented by the Coveralls bot. Make sure code coverage has not gone down significantly. Ideally, it should go up.
If you work on something that you have not yet discussed with the maintainers there is a chance the code might be denied because they might find the analyzer/fix is not necessary, or duplicated, or some other reason. They are easily reachable through Twitter or on Github. Before you code discuss it with it them.
Small code changes or updates outside code files will eventually be made by the core team directly on master
, without a PR.
- Giovanni Bassi, aka Giggio, Lambda3, @giovannibassi
- Elemar Jr., Promob, @elemarjr
- Carlos dos Santos, CDS Informática, @cdssoftware
Contributors can be found at the contributors page on Github.
The maintainers have to:
- Commit regularly.
- Work on project maintenance tasks regularly, like (but not limited to)
- attend meetings,
- review pull requests,
- create and discuss on project issues.
To become part of the core team one has to be invited. Invitations happen only if all the core team agrees.
If a member of the core team is not active for at least two months, they will probably be removed from the core team.
Please see our contact page.
This software is open source, licensed under the Apache License, Version 2.0. See LICENSE.txt for details. Check out the terms of the license before you contribute, fork, copy or do anything with the code. If you decide to contribute you agree to grant copyright of all your contribution to this project, and agree to mention clearly if do not agree to these terms. Your work will be licensed with the project at Apache V2, along the rest of the code.