Visual Studio Toolbox

Code Analysis, Profiling and Refactoring Tools for Visual Studio 2017

Premature optimization may be the root of all evil, but these tools will make sure your code is clear, clean and secure.

• By Terrence Dorsey
• 10/26/2017

Testing your application before shipping is an important part of the development process, and an important part of testing is making sure your application executes efficiently and responsively. That’s where code analysis and profiling tools and techniques come into play: They let you evaluate your code for errors, bottlenecks and efficient use of processing and memory resources. Modern code profiling tools can point you directly to the exact lines of code that need refactoring -- or to libraries and other dependencies that are weak points in your application architecture.

Prior to Visual Studio 2012, most of these kinds of code analysis and testing tasks needed third-party tools and manual build/test/analyze/repeat tasks for the developer. Today, Visual Studio has pretty solid analysis tools built in. Plus, there are excellent tools that help you dig even deeper into your application for performance testing and optimization, project templates that have efficient dependencies and built-in test frameworks, and solid tools to integrate automated analysis and testing into your build-and-release workflows.

Performance Tools in Visual Studio
A comprehensive suite of built-in code and analysis tools was first grouped together in the Performance and Diagnostics Hub in Visual Studio 2013, which was further refined and advanced in the Performance and Diagnostic page and Diagnostic Tools debugger window in Visual Studio 2015.

With Visual Studio 2017, these tools are so integrated into the IDE that they no longer have a fancy name, but they continue to be extended and enhanced nonetheless. You'll find excellent documentation and tutorials on Microsoft Docs starting with "Getting Started with Performance Tools" and "Beginner's Guide to Performance Profiling in Visual Studio." You'll find information about runtime data collection and profiling not just for traditional .NET Framework applications but also JavaScript, ASP.NET and Web sites, High-Performance Computing (HPC) clusters, load testing and even energy use.

Another tool I'm going to include here is Vance Morrison's PerfView CPU and memory performance-analysis tool. Morrison is a senior architect at Microsoft and wrote PerfView for internal performance analysis and tuning by the teams building the .NET Framework and Visual Studio. It's now an open source tool still under active development. For further details see Brandon Bray's blog post, "Improving Your App’s Performance with PerfView."

Building extensions for Visual Studio? Take a look at "How to: Diagnose Extension Performance," which specifically employs PerfView to measure the impact of extensions when they load. And for a great example of how PerfView continues to be applicable to new types of development projects, see "Using PerfView with Azure Service Fabric Event Source Messages" on the Microsoft Premier Developer blog.

More Profiling and Debugging Tools
Beyond the tools available from Microsoft are third-party tools designed to meet your development fine-tuning needs.

JetBrains dotTrace Profiler helps you trace execution time, garbage collection, workload distribution, I/O performance and more, supporting .NET Framework and .NET Core applications including Windows Presentation Foundation (WPF) and Universal Windows Platform (UWP), ASP.NET, Windows and Windows Communication Foundation (WCF) services, and Silverlight. You can profile SQL queries and HTTP requests. You can even profile unit tests.

You can license dotTrace on its own, and there's a 10-day trial version available for you to run through its paces. dotTrace is also available as part of the comprehensive ReSharper Ultimate package, which adds ReSharper code analysis, style, and refactoring tools for .NET Framework and C++, dotCover unit testing and code coverage analysis, dotMemory memory profiling, and a dotPeek decompiler and assembly browser.

Redgate ANTS Performance Profiler is another popular tool for .NET Framework-based desktop, ASP.NET and ASP.NET MVC projects. ANTS provides the same code timing analysis as other tools, but also digs deeper into database request performance with support for enhanced data access profiling, with support for SQL Server, Oracle, MySQL, MariaDB, and PostgreSQL. Redgate's ANTS Memory Profiler finds memory leaks and helps you optimize the memory usage in C# and Visual Basic code. Both products are included in the .NET Developer Bundle, which also includes .NET Reflector.

DevExpress CodeRush is another analysis and refactoring tool for C#, Visual Basic and XAML code bases. The CodeRush analysis tools not only work with your core solutions, but also have built-in unit test integration supporting NUnit, xUnit, MSpec and MSTest frameworks, as well as CoreCLR test cases in the DNX environment. Licensing is available on a yearly subscription basis (monthly updates seem to make this worthwhile), and a 30-day trial is available for download from the DevExpress Web site.

Tools from Microsoft DevLabs
Microsoft DevLabs often releases extensions for preview tooling ideas being considered for future Visual Studio releases. For example, the Microsoft Code Analysis 2017 extension gives you built-in access to more than 100 of the most popular FxCop rules as live analyzers. The analyzers watch your C# or Visual Basic code as you type and provide tips on performance, security and best practices, as well as access to a dictionary of code quick fixes.

Microsoft DevSkim is a more comprehensive and flexible framework of plug-ins and code analyzers focused on inline security analysis of code as you type. Potential security issues are highlighted in your code with links to more information and, when available, one-click access to safe alternative code. DevSkim is designed to work with multiple development environments including Visual Studio 2015 and 2017, Visual Studio Code, Sublime Text, and others.

Analyzers from the Visual Studio Community
The open source .NET Compiler Platform "Roslyn" has opened up the possibilities for interactive code analysis to anyone who can write an extension, so let's take a look at some of the most recent free analyzers being released for Visual Studio 2017.

Austin Luo's C# Code Analyzer is a simple analyzer meant to check your string formatting for standard strings, console output, debug output and StringBuilder. This kind of analysis is really handy because we often overlook the details of strings used for edge cases and debugging, where errors make troubleshooting the rest of the application so much more difficult.

CommentCop, by Michael Reukauff, is a similar, simple analyzer for checking XML comments and region/endregion pragmas. The rules, based on StyleCop, are completely configurable and customizable.

Josef Pihrt has created a suite of useful Roslyn-based analyzer extensions starting with Roslynator for Visual Studio 2015 and Roslynator 2017 for Visual Studio 2017, which contain collections of more than 190 analyzers and 180 refactorings for C#. You can create rulesets for enabling or disabling individual analyzers or setting them as messages, warnings, or errors. Code refactorings are also completely configurable and customizable. Additional extensions by Pihrt provide just the analyzer or refactoring tools.

Hot Commands for Visual Studio, by Justin Clareburt, gives you a small collection of useful refactoring and coding tools such as toggling comments, duplicating selected code, joining lines, formatting code, moving between members, extracting class or namespace names and more.

AsyncFixer analyzes your C# Async/Await constructions for common errors and anti-patterns and suggests revisions that avoid common asynchronous code errors and increase application performance. AsyncFixer focuses on the five most common Async/Await problems seen across hundreds of projects reviewed by the tool’s developers. These include unnecessary Async/Await methods, long-running operations, fire-and-forget void methods, fire-and-forget calls in a using block, and implicit downcasting. The analyzer is part of your project so it can be available to all project team members and can run at build time on a continuous integration (CI) server. For more details on the research that identified these anti-patterns, see "LearnAsync.NET - A Study and Toolkit for Asynchronous Programming in C#." Fascinating stuff!

Code Cracker for C# and Code Cracker for Visual Basic are available as either project-based analyzers that you install as NuGet packages or as Visual Studio extensions. These are community-developed toolsets coordinated by Giovanni Bassi that include, so far, more than 40 Roslyn-based code analyzers for C# and Visual Basic along with a small library of refactorings.

JavaScript isn't forgotten here; Rich Newman's TypeScript Analyzer is a static code analyzer for TypeScript using TSLint and is based on Mads Kristensen's Web Analyzer for Visual Studio 2015 extension. It's been updated for Visual Studio 2017 and supports the latest TSLint. You can also attempt to fix errors in your code using the TSLint fixers. In addition, the tests are flexible and can be run on a build, run on the contents of a tsconfig.json file rather than the project file, and more.

More Analysis and Refactoring Extensions
SharpDevelop's Refactoring Essentials for Visual Studio 2017 is an updated version of its popular open source C# and Visual Basic refactoring library and analyzers. See the Refactoring Essentials for Visual Studio Web site for a full list of features.

U2U Consult Performance Analyzers for C# 7 provides code analysis specifically for the latest version of C#, with 40 specific analyzers so far. This is one of the few analyzer packages that isn't open source or a public project, but also isn’t a commercial package. It does, however, represent the expertise of the U2U Consult team's consulting and development services. If you like what you see here, maybe give them a call.

SonarLint for Visual Studio, from SonarSource, is a free, open source code analyzer and linter extension for C#, Visual Basic, JavaScript and C/C++ code. Straightforward enough. Things get more interesting, however, when you hook SonarLint up to a SonarQube, which gives SonarLint access to shared rulesets, continuous inspection and integration tests, and more.

Speaking of integration, and looping back to the string analysis tools mentioned earlier, Serilog Analyzer provides handy Roslyn-based analysis of error and logging strings to ensure your output matches the expected syntax for the Serilog .NET logging library.