Erik's Weblog 2.0

AAS Review: CodeScanner

What is a Code Analyzer?

Mobile Innovation's CodeScanner (IDE version) is a static source code analyzer with a mobile twist. The purpose of a code analyzer is to scan your code for defects. This is accomplished by matching source code against a set of common rules and coding practices. Source code analyzers are nothing new. Tools such as lint have been around for as long as I can remember. Code analyzers are easy to find. Many are open source, most are command-line based, some even integrate closely with popular IDEs.

CodeScanner differentiates itself from others by being tailored for mobile development. Specifically, Symbian C++.

How does it work?

The IDE version of CodeScanner currently integrates with Microsoft Visual Studio 6. Support for Microsoft Visual Studio .NET and Nokia (Metrowerks) CodeWarrior is in progress. An InstallShield installer is provided for direct integration with Visual Studio. The installer does nothing more than create a couple of Tools menu items which can be used to invoke the cside.exe command-line utility. Since I use Visual Studio .NET, I manually created the CodeScanner menu options as External Tools.



The menu items can be used to scan the current file or the entire component source tree. Upon selecting one of the menu options, the source code will be automatically scanned, errors and warnings will be displayed in the output window.



Selecting a specific error in the output window will open the relevant source file and method in the source code editor pane.



Simple and straight to the point.

Does it really work?

Let me preface my analysis by stating that CodeScanner does what it claims. The scanning is thorough and quite accurate.

However, code analyzers are no substitute for manual checks and audits. In most cases they'll help developers adhere to specific coding practices and standards. Code analyzers are most useful when customized to fit your specific needs. Therein lies the problem with CodeScanner. CodeScanner offers no obvious customization whatsoever. It's all or nothing.

Upon scanning your source files, CodeScanner will return hundreds of potential problems. Take a closer look and you'll quickly realize most of them are not important to you. For example, warnings such as "use of magic numbers" or "overly long line of code" are only helpful if they closely match your own coding standards. CodeScanner does not provide a documented way to turn specific rules on or off. This means you'll always have to wade through hundreds of insignificant problem reports, potentially missing important ones. This is not what I would consider a productive use of a programmer's time.

Is it any good?

Most of the problems reported by CodeScanner are generic C++ issues. There are numerous tools that do a much better job at analyzing C++ source code. These tools offer extensive configuration options; most of them allowing for the creation of custom rule sets. CodeScanner offers no documented mechanism to place emphasis on problems specifically related to Symbian C++. Mobile Innovation has been reportedly working on a results filter which will be 'made available to customers as a maintenance release'.

For mobile specific issues, CodeScanner does an adequate job at reporting common problems. Most errors and warnings are reported with a brief (often cryptic) single line of text. You'll have to consult the CodeScanner User Guide in order to get slightly more information on the nature of each problem. The User Guide does not provide code examples with outlined solutions as you would expect from such a tool.

Conclusion

CodeScanner (IDE version) is an immature product which shows promise. The lack of customization options is a serious deterrent to its use in any kind of professional development environment. The "everything but the kitchen sink" approach to code defect reporting undermines its ability to report problems which are important to mobile developers.

The fact that the product is currently sold for a whopping US$400 with minimal documentation is not helping.

My score: 44%