Code review can be a cumbersome aspect of the development process, but thankfully, there are tools available to assist in the process. In January 2007, I reviewed the tool called FxCop, but I have since fallen in love with another tool called NDepend for everyday use. NDepend provides plenty of tools to assist in the code review process.

The benefits

The benefits of code reviews increase with the size of the development team, as the complexity increases as more people contribute to the code base. It is important to catch as many mistakes before they affect the build process. All developers make mistakes like forgetting to properly close and dispose a database connection or a missing assembly reference. These common issues are seemingly easier to catch, but you often want to take a closer look at project code, which is where NDepend enters the picture.

A trial edition of NDepend is available as one zip file. Once the trial expires, you need to purchase a complete license. You download and unzip to a location on your system. The resulting directory includes a Visual Studio installer, the Visual NDepend, and a console interface. The Visual Studio installation adds an NDepend file menu option. From there you can select Attach New NDepend Project To current VS Solution. Once it is added, you can select Run Analysis from the drop-down menu to generate the report data.

NDepend allows you to dig into the code base with plenty of reports and statistics to give you a better idea of where problems are present in the code. The reports are available real time within the Visual Studio IDE or via generated HTML. Here is a quick overview of some of the features:

  • Dependency Graph: Provides a graphical representation on what code depends on what other code. This can be overwhelming and rather difficult to read with a large code base.
  • Dependency Matrix: I prefer this representation over its graph counterpart. It provides a cross reference of assemblies. You can display the correlation between assemblies/code in a graph with x and y axis — it shows the coupling of resources.
  • Code Metrics: The Metrics window provides a visualization of the relative and absolute size of project assemblies, namespaces, types, and methods. It provides various tidbits, including lines of code, number of IL instructions, and everything is lumped together into its namespace. This view allows you to quickly and easily drill down into code to get a better idea of how it is used.
  • Class Browsers: It shows the assemblies, namespaces, types, and members of your project. Application assemblies are black, and tier assemblies are blue.

This is only a subset of the numerous features available in NDepend, but one thing that can be used across the board is its Code Query Language (CQL), which allows you to quickly drill down via code.

CQL

The CQL support is one of the more powerful features of the NDepend tool, and it is easy to learn for those with any programming background. It is a query language for source code that was developed by the NDepend group. CQL allows you to easily search your source code, as well as define what should or should not be included in the NDepend analysis.

While the specifics of the language are beyond the scope of this post, it is good to see how it can be used. The following snippet allows you to quickly find unused methods — that is, those methods not referenced anywhere within the code:

// Locate unused methods
SELECT METHODS WHERE MethodCa == 0 AND !IsPublic AND !IsEntryPoint AND !IsExplicitInterfaceImpl AND !IsClassConstructor AND !IsFinalizer

The next snippet can be used to locate all methods that have more than six parameters:

SELECT METHODS WHERE NbParameters > 6

The CQL Query Editor window available via the NDepend menu selection within Visual Studio allows you to easily write your own queries with IntelliSense support.

Pinpoint problems

Code analysis is a task often grouped with documentation — most people just don’t like to do it — but I like to know where my code can be improved. A tool like NDepend can give you a look at the complexity of your code and highlight areas for improvement as well as show you what code is no longer used. This allows you to focus refactoring efforts, as well as clean up the code base. Also, it allows you to create a custom rule to enforce your own standards.

For more details, check out the great documentation that makes it easy to get up and running, and read a good post that explains how the CruiseControl.NET used NDepend to analyze their code base.

Does your development team actively conduct code reviews? What tools do you use for code review? Share your experiences and ideas with the community.