Talking .NET Code Analysis with Patrick Smacchia
Patrick Smacchia is a Visual C# MVP involved in software development for over 15 years. He is the author of Practical .NET 2 and C# 2, a book about the .NET platform conceived from real world experience. After graduating in mathematics and computer science, he has worked on software in a variety of fields including stock exchange at Société Générale, an airline ticket reservation system at Amadeus as well as a satellite base station at Alcatel. He's currently the lead developer of the tool NDepend.
Rob Bazinet (RB): What is NDepend?
Patrick Smacchia (PS): NDepend is a tool for .NET developers and architects. Code bases are very complex things and NDepend is a tool that helps getting information from the source code. For example, with NDepend knowing if your code base is correctly layered, knowing what has changed since the last release or assessing the code quality represents some immediate tasks that might take hours or days with traditional tools.
RB: How did you come with the idea for NDepend?
PS: 5 years ago I was consulting on a huge and dirty code base. At the same time I was reading the excellent book, Agile Software Development, Principles, Patterns, and Practices, from Robert C Martin. The book describes some cool metrics to assess componentization of a code base.
Finally at that time, I was coming to .NET from C++ and one of my preferred things was System.Reflection that was much more compelling than C++ RTTI. It was then natural to start developing a quick tool based on Reflection to see what Martin's metrics had to say on the huge and dirty code base. I then put the tool as OSS and it became more and more popular with many demands for features. At a point, I realized that if the tool would support some visual and querying facilities, it could represent a new step in how we deal with code complexity.
RB: How can NDepend help me with my coding tasks and/or development lifecycle?
PS: NDepend can be of great help in various tasks, including refactoring, code review, code quality check and enhancement, design erosion check, code discovering, code browsing, build process rule enforcement.
NDepend is useful for refactoring code because it can show dependencies between your components, your namespaces, your classes... thanks to a dependencies matrix panel and some 'boxes and arrows' graph generation.
NDepend supports more than 60 code metrics that can be used to assess the code quality:
The NDepend analysis process can be integrated into MSBuild or NAnt build process. A report about the build process health is emitted each time an analysis is performed.
Thanks to a language dedicated to code structure querying (Code Query Language, CQL), developers can ask for any kind of questions about their code bases:
- Which classes implements IDisposable?
SELECT TYPES WHERE IsClass AND Implements "System.IDisposable"
- Which public methods could be declared as private?
SELECT METHODS WHERE IsPublic AND CouldBePrivate
- Which methods assign a particular field?
SELECT METHODS WHERE IsDirectlyWriting "MyNamespace.MyClass.m_Field"
- Which complex method is not enough commented?
SELECT METHODS WHERE CyclomaticComplexity > 15 AND PercentageComment < 20
This CQL language can be used to define some rules that can be checked for each build. When some rules get violated, the user gets notified from the report. NDepend comes with more than 50 predefined rules and it is designed to let users define seamlessly custom rule such as:
- Static fields should not be named m_XXX (Custom naming conventions):
WARN IF Count > 0 IN SELECT FIELDS WHERE NameLike "^m_" AND IsStatic
- I don't want that my User Interface layer to depend directly on the DataBase layer:
WARN IF Count > 0 IN SELECT NAMESPACES WHERE IsDirectlyUsing "DataLayer" AND NameIs "UILayer"
- Methods out of MyAssembly and MyAssembly2 should not have more than 30 lines of code:
WARN IF Count > 0 IN SELECT METHODS OUT OF ASSEMBLIES "MyAssembly1", "MyAssembly2" WHERE NbLinesOfCode > 30
NDepend can be used to compare 2 versions of a code base. This feature is especially useful when you are about to release a new version and want to focus your smoke tests and code review on things that have changed. Here also the CQL language is a great help to explore the diff. For example, to list the methods that have been modified between 2 builds you just have to write:
- SELECT METHODS WHERE CodeWasChanged
Finally, NDepend comes with a Visual Studio 2005 and 2008 add-in and a Reflector add-in that helps accessing its features from these tools.
RB: How does one get started using NDepend? What is the recommended path?
PS: First, download NDepend and analyze your code base. This should be done seamlessly because the VisualNDepend UI has been polished to have the exact same look and feel than Visual Studio.
Once the analysis done, the VisualNDepend UI displays several panels to browse analysis results. At this point, the user need to choose if he wants to browse dependencies, browse metrics, query the code base with the CQL language, compare 2 analysis etc... More or less, each feature has its dedicated panel. There is also an embedded help section that contains some 'Getting Started' explanations. Some screencasts are also linked. They explain how to achieve each particular task. Finally, our website contains advanced documentation such as the complete CQL specifications.
Once the user masters each feature, she is able to use them all together to review and rationalize its code base.
RB: Does NDepend work with the .NET Framework 3.5? 3.0?
PS: Yes, the Visual Studio add-in of the new NDepend 2.6 version works with Visual Studio 2008. Also NDepend is able to analyze .NET 3.5 and 3.0 assemblies.
RB: NDepend is a product for .NET languages; do you have any plans for platforms beyond .NET? Any plans for analyzing dynamic code bases?
PS: Yes. NDepend is coded in C# but just 5% of our code is dedicated to .NET code analysis. It means that 95% of our code is abstracted from the platform of the code analyzed. In this context, a tier company, octo technology is currently developing a version of NDepend that will analyze Java code. Primarily octo technology, a French consultancy company focusing on software and information systems architecture, is a consulting company consisting of Java and .NET experts. Octo .NET consultants like NDepend and when the Java consultants were asking for the same tool. We then decided to do a partnership.
A beta version of the project XDepend (the Java NDepend version) will be available in Q1 2008.
RB: NDepend looks complicated for someone getting into code analysis; do you have tutorials or how-to for users?
PS: There is an embedded help section in the VisualNDepend UI that contains some 'Getting Started' explanations and some screencasts are also linked. There are some 3 minute screencasts to get started www.ndepend.com/GettingStarted.aspx. Some others screencasts that describe main use-cases scenario are referenced on the main page here. To go further, we also provide some documentation such as the complete CQL specification, the description of all metrics, a summarizing poster done by Scott Hanselman, Stuart Celarier and Patrick Caulwell, Placemat Visualization Expert Pdf and more in our documentation section. Also, I am regularly feeding a blog on http://codebetter.com/blogs/patricksmacchia/default.aspx where I explain advanced usages of NDepend.
RB: Do you offer training for software teams to get them up and running quickly?
PS: We sometime visit clients that ordered enterprise licenses and wanted some special training. Even though training is not our main activity we will continue with it. It is very informative to have a direct contact with users. The product is full of features driven from users' feedback.
RB: What do you consider to be the most powerful or best feature of NDepend? And why?
PS: Tough questions, actually we use NDepend a lot to code NDepend. Personally I use the matrix every day to browse dependencies and make sure the architecture remains clean. We have more than 400 CQL rules that permanently care for the quality of our code. I am also addict to the comparison feature. I often use it to review code that is changing. I really believe that the devil lies in changes.
The good news is that doing so pays off and considerably improves our process and let us release new versions with a sustainable rhythm. More information can be found in our release notes.
RB: Patrick, thank you so much for taking the time with me today and teaching us about NDepend.
More information about NDepend can be found on the NDepend web site. Readers can learn more about Patrick at his blog.
Mike Hartington Jul 26, 2015