, , ,

I work as a software engineer in my day job, but I graduated in November last year. I hadn’t heard of static analysis until just under three months ago, and now I wonder why I didn’t.

For those who don’t know what static analysis is, it involves looking at code to find errors without running it. This can be done manually, but humans are useless fallible, so it’s the sort of thing computers can do instead. At work, I’ve got used to using JSHint for linting JavaScript via Grunt, as well as using SonarQube for JavaScript and Java. These allow you to specify individual files to check for errors, with specific rules – such as unused variables, methods with too many if/else statements, or duplicated code – and I thought it would be useful for me.

I’m using MonoDevelop to write my code, so obviously I’ve looked for anything that will work with that. So far, I’ve found some Gendarme Rules for Unity. Gendarme is a .NET assembly analysis programme, so instead of scanning individual files, it scans an entire library. For Unity projects, select the Assembly-CSharp.dll (or, depending on your language or choice, Assembly-Boo.dll/Assembly-UnityScript.dll) file for analysis. The location of any of these is project_root\Library\ScriptAssemblies, e.g. on Windows it might be in C:\Users\{me}\Documents\Unity\{MyProject}\Library\ScriptAssemblies, depending on where you put your project folder. After you set the rules, it examines the library and produces a HTML report that you can view in your browser, listing which rules were violated by which line of code.

I do have one minor problem with Gendarme: it examines libraries, not individual files, so the report will include defects in any third-party assets. However, it does pick up things like empty Update and Start methods, recurrent calls to GetComponent, or unused methods and parameters (that latter one is something the compiler will notice, but it won’t notice unused methods). While I find that the extra defects make it a little harder to pinpoint problems in my code, it does indicate how severe those defects are and what can be done to fix them. Overall, I like it, and I’ve started to build it into my workflow.