Jump to navigation

Poupou's Corner of the Web

Looking for perfect security? Try a wireless brick.
Otherwise you may find some unperfect stuff here...


Gendarme Performance Update

So Mono 2.0 RC1 was tagged this week and, like I did before, I ran my benchmark on Gendarme (results on preview #1, preview #2). No big surprise this time. Since the performance difference is less than 0.5% wrt preview #2 it didn't seem wise to disturb some many electrons for an updated table. So let's create a new one to answer "But just how much time does it take ?".

We already know how much time it takes for Mono, but a lot of people work on smaller projects (or subset of large projects). This new table shows how much time Gendarme needs to analyze (using all rules, including smells) some Mono-based OSS projects that I have installed, from repositories*, on my openSUSE11 laptop.

Projectsassemblies (#)Time (seconds)
banshee (1.2)146.50963

So next time you have a few seconds give Gendarme a try on your own projects ;-)

* caveat: no debugging symbols - either because most projects dont ship them, or because mono 2.0 MDB format is newer (and incompatible) with the one shipped in openSUSE 11 (mono 1.9.1).

** including 734 seconds inside the quite big Tao.OpenGl.dll. Since I don't suppose f-spot developer's make many changes inside it, I guess it could be removed from the analysis.

9/6/2008 12:56:51 | Comments | Permalink

Hack Week 3 - Gendarme Recap

Last week was the third edition of Novell's Hack Week. During the week I used Ohloh to describe all the changes I made to Gendarme, almost in real-time. Still a quick recap can be easier to read...

Framework Enhancements

  • New Severity.Audit for rules that will always trigger but are still useful from time to time (see new rules);
  • New IRule and IRunner TearDown methods were added to allow late reporting (of defects) and any specific rule clean up;
  • New filtering options for defects (see runners) to get shorter, more accurate, reports;
  • New [FxCopCompatibility] attribute to help map between Gendarme and FxCop rules. This will allow us to support the .NET framework [SuppressMessage] attribute.
  • New "engines" support. Engines are building additional data, on top of what Cecil provides, for the rules to consume. The runners ensure of the engine data availability before any rules that requires them start their analysis (i.e. the Check* methods). This part is not yet committed (but should be soon) and will be a moving target until 2.2 is released. Expect a few blog entries on them (there are two engines right now) later this month.

Runners Enhancements

  • The console runner has been updated to expose the new framework features, like:
    • --limit=N can be used to limit the number of defects reported during analysis;
    • --severity=... can be used to filter only some severity level (e.g. ignoring audits);
    • --confidence=... can be used to filter results more likely to be false positives.
  • A new step has been added to the wizard runner to set some options before the analysis.
    • Limit the number of defects reported;
    • Set a minimum severity level on defects;
    • Set a minimum confidence level on defects;
    • Select visibility, which allow rules to work only on visible, non-visible or all your code.


  • Quite a lot of moving, renaming and a few optimizations. Expect a bit more of this before 2.2 gets released. New assemblies were created for Code Access Security rules (Gendarme.Rules.Security.Cas) and for generic related rules (Gendarme.Rules.Design.Generic).
  • New ReviewSuppressUnmanagedCodeSecurityUsageRule to show the new Audit severity. This is a good example about something that can't be fixed (for once and for all) but where it's useful, from time to time, to know where they hide.
  • New UseGenericEventHandlerRule to promote the use of EventHandler<TEventArgs> over the creation of delegates.

Except for some rules fixes and optimizations that were backported (to 2.0) all this new stuff will be released with Gendarme 2.2 (i.e. with Mono 2.2, not 2.0). More news soon!

9/2/2008 20:30:19 | Comments | Permalink

The views expressed on this website/weblog are mine alone and do not necessarily reflect the views of my employer.