Analysis configuration

Introduction

As explained in .NET - Prepare and deliver the source code, CAST AIP extracts relevant information used to create the automated analysis configuration from the .NET project files. Currently the .NET Analyzer extension supports these build project files:

  • Visual Studio 2003 - 2019

For any other build project format CAST AIP will not be able to automatically retrieve build information: no Analysis Unit will be created and no analysis configuration will be provided. To address this situation, the Analysis Unit and the analysis configuration should be created manually using the legacy CAST Management Studio (no interface available in AIP Console to do this). This case falls outside of the out-of-the-box support and is out of scope of a standard analysis.

Using CAST Imaging Console

CAST Imaging Console exposes the Technology configuration options once a version has been accepted/imported, or an analysis has been run. Click DOTNET Technology to display the available options:

Technology settings are organized as follows:

  • Settings specific to the technology for the entire Application (i.e. all Analysis Units)
  • List of Analysis Units (a set of source code files to analyze) created for the Application
    • Settings specific to each Analysis Unit (typically the settings are the same or similar as at Application level) that allow you to make fine-grained configuration changes.

Settings are initially set according to the information discovered during the .NET - Prepare and deliver the source code when creating a version. You should check that these auto-determined settings are as required and that at least one Analysis Unit exists for the specific technology:

Technology level settings

Dependencies

Dependencies are configured at Application level for each technology and are configured between individual Analysis Units/groups of Analysis Units. You can find out more detailed information about how to ensure dependencies are set up correctly, in Validate dependency configuration.

Analysis Units

This section lists all Analysis Units created automatically based on the source code discovery process. You should check that at least one Analysis Unit exists for the specific technology. Settings at Analysis Unit level can be modified independently of the parent Technology settings and any other Analysis Units if required - click the Analysis Unit to view its technology settings:

Clicking an Analysis Unit will take you directly to the available Analysis Unit level settings:

Technology settings at Analysis Unit level

All settings at this level are read-only for the .NET technology.

Main files

Project path The file based location of the corresponding project. This field is read-only.
Project type Indicates whether a Visual Studio project file or a Web site project folder will be used to determine the source code files for the analysis. This field is read-only.
Visual Studio project file Indicates the .vbproj/.vbdproj/.csproj/.csdproj file that is defined as the Visual Studio project file for the Analysis Unit for analysis purposes. This field is read only.
Web site project folder Indicates the folder that is defined as the Web site project folder for the Analysis Unit for analysis purposes. This field is read only.

Files to analyze

Lists all files that are included in the current Analysis Unit and which will be analyzed:

Referenced assemblies

This section lists all the .NET assemblies that have been referenced while delivering the source code (see .NET - Prepare and deliver the source code) and which are external to your project’s source code, i.e. custom assemblies or assemblies from the .NET Framework:

Using legacy CAST Management Studio

Introduction to analysis configuration options

The CAST Management Studio has three levels at which analysis configuration options can be set:

Technology
  • The options available at this level are valid for all Applications managed in the CAST Management Studio.
  • These are the default options that will be used to populate the same fields at Application and Analysis Unit level. If you need to define specific options for a specific Application or Analysis Unit, then you can override them.
  • If you make a change to a specific option at Application or Analysis Unit level, and then subsequently change the same option at Technology level, this setting will NOT be mirrored back to the Application or Analysis Unit - this is because specific settings at Application and Analysis Unit level have precedence if they have been changed from the default setting available at Technology level.
Application
  • The options available at this level set are valid for all corresponding Analysis Units defined in the current Application (so making changes to a specific option will mean all Analysis Units in that specific Technology will "inherit" the same setting). If you need to define specific options for a specific Analysis Unit in a specific Technology, then you can do so at Analysis Unit level.
Analysis Unit
  • Options available at this level are valid only for the specific Analysis Unit.
  • An Analysis Unit can best be described as a set of configuration settings that govern how a perimeter of source code is consistently analyzed.
  • Analysis Units are automatically created when you use the Set as current version option to deploy the delivered source code - as such they correspond to Projects discovered by the CAST Delivery Manager Tool. However, they can also be created manually for situations where no Analysis Unit has been automatically created for a given project.
    • When the Analysis Unit has been created automatically, options will "inherit" their initial configuration settings from the discovery process in the CAST Delivery Manager Tool (i.e. "project" settings). Where an option could not be defined automatically via the CAST Delivery Manager Tool, it will "inherit" its initial configuration settings from those defined at Technology level and at Application level.
    • Analysis Units that are manually defined will "inherit" their initial configuration settings from the settings defined at Technology level and at Application level.
  • Modifying an identical option at Technology level or at Application level will automatically update the same option in the Analysis Unit editor unless that specific option has already been modified independently in the Analysis Unit editor.

Some settings at Application and Analysis Unit level have a “Reset” option - using this will reset the option to the value set at the parent level:

Auto-configuration validation

Technology / Application level

Using the Technology level or Application level options, validate the settings for .NET packages. Make any update as required. These settings apply to the Technology or Application as a whole (i.e. all Analysis Units):

Analysis Unit level

To inspect the auto-generated analysis configuration, you should review the settings in each Analysis Unit - they can be accessed through the Application editor:

Technology options

The available options for configuring an analysis are described below. Note that some options are not available at specific levels (Technology/Application/Analysis Unit):

Source Settings

This tab shows the location of each type of source code in the .NET Analysis Unit - this is determined automatically by the CAST Delivery Manager Tool. You should, however, review the configuration and make any changes you need:

Project path The file based location of the corresponding project. This field is read-only. When the field contains User defined, this indicates that the Analysis Unit has been defined manually instead of automatically following the use of the CAST Delivery Manager Tool.
Source Selection Indicates whether a Visual Studio project file or a Web site project folder will be used to determine the source code files for the analysis. This field is read-only for all auto-created Analysis Units.

When working with a manually defined Analysis Unit, you must select an option to determine what will be analyzed. Selecting an option will change the options below:

Visual Studio project file Indicates the .vbproj/.vbdproj/.csproj/.csdproj file that is defined as the Visual Studio project file for the Analysis Unit for analysis purposes.

If this Analysis Unit is automatically defined, then this field is read only.

Web site project folder Indicates the folder that is defined as the Web site project folder for the Analysis Unit for analysis purposes.

If this Analysis Unit is automatically defined, then this field is read only.

Analysis

The settings in this tab govern how the source code is handled by the analyzer:

Click to enlarge

Referenced Assemblies

Only visible at Analysis Unit level.

External Assemblies
This section lists all the .NET assemblies that have been packaged in the CAST Delivery Manager Tool (usually via the specific .NET assemblies on your file system option) and which are external to your project's source code, i.e. custom assemblies or assemblies from the .NET General Assembly Cache (GAC) located under:
  • C:\Windows\assembly (.NET Framework 1.0 - 3.5)
  • C:\Windows\Microsoft .NET\assembly (.NET Framework 4 and above)

These assemblies will be listed but will be "greyed" out and cannot be edited, re-ordered or deleted - unlike manually added assemblies:

If an assembly was not delivered via the CAST Delivery Manager Tool, it is possible to manually add an assembly or a folder of assemblies:

Add a new Assembly - you will be given the choice of adding:
  • a single assembly as a file (.DLL)
  • a folder containing a set of assemblies (.DLL)
Edit an assembly that has been added via the CAST Management Studio.
Re-order the list of assemblies that have been added via the CAST Management Studio.
Delete an assembly that has been added via the CAST Management Studio.

Use this button to reset the list to the entries defined by the CAST Delivery Manager Tool.

Key for the list of assemblies table:

Type

Will display either:

  • Assembly folder (this is only displayed when an assembly has been manually added)
  • Assembly
Path Shows the path to the assembly or assembly folder. Assemblies delivered via the CAST Delivery Manager Tool will point to the Delivery folder.
Recursive Only visible for a manually added Assembly folder. Indicates whether (or not) the folder will be searched recursively for .DLL Assemblies.

Default Scripting

Default Scripting Language for the client side This option enables you to select the Default Scripting Language for your client-side files. Use the drop down list box to choose between:
  • <none>
  • JavaScript
  • VBScript

Text Replacement

This section enables you to define Regular Expressions (that match character strings in your selected files) that you want to replace with other text:

  • Click the button to add a new line to the table listing the Text Replacements
  • Double click the new line in the table and a hidden section will appear in which you can enter the details you require:

  • Enter the Regular Expression in the Regular Expression field.
  • Chose the type of Regular Expression in the drop down list:
    • Perl (default format) - Specifies that when a regular expression match is to be replaced by a new string, that the new string is constructed using the same rules as Perl 5.
    • Sed - Specifies that when a regular expression match is to be replaced by a new string, that the new string is constructed using the rules used by the Unix Sed utility in IEEE Std 1003.1-2001, Portable Operating System Interface (POSIX), Shells and Utilities.
    • Tcl - Specifies that when a regular expression match is to be replaced by a new string, the text that matches the regular expression will be replaced by the replacement text.
  • Enter the text you want to replace the Regular Expression with, in the Replacing Text field.
  • The new line in the table above should now be populated with your changes:

Add a new Text Replacement

Re-order the list of Text Replacements. This is important because the order in which the items appear in the list, is the order in which the analyzer will replace the character strings that match the Regular Expressions. Thus, if you have a complicated set of Regular Expressions and replacement texts, difficulties could arise if the order in which they are dealt with is not correct.

Delete an existing Text Replacement

Only visible at Application and Analysis Unit level

Use this button to reset the list to the entries defined at one level higher:

  • Analysis Unit level - entries will be reset to all listed at Appplication level
  • Application level - entries will be reset to only those listed at Technology level
  • Use Text Replacement with caution. First try to change the source tree to reflect the production environment and then use Text Replacement for other cases.
  • You can use the Test Text Replacement option to check whether your proposed configuration will function as expected:
    • You will be prompted to choose a source file on which the Text Replacement will be tested.
    • Results of the replacement will be shown in a copy of the selected source file.

JavaScript Frameworks

Exclude standard JavaScript libraries? This option enables you to exclude standard JavaScript libraries from the analysis: when excluded, standard JavaScript libraries will be analyzed and stored in the CAST Analysis Service (thus allowing links to resolve correctly), however the objects will not appear in the CAST Engineering Dashboard. This prevents the "pollution" of Technical Size measures, module/application grades, and violation lists (among others) with large numbers of JavaScript objects that are not used and not maintained by the Development team. This option is active by default and activates the default .NET Environment Profile. for JavaScript Frameworks.

Production

Data to generate - Dynamic Analysis options

Resolve virtual function calls

Selecting this option (default position) will force the analyzer to resolve calls made by virtual functions. When selected, this option will automatically activate what was known as the Inference Engine in previous releases of CAST AIP (run time type information will be computed in order to simulate program behaviour during execution of the analyzer and thus identify additional links that would not otherwise be "discovered" using standard analysis techniques. This technology detects a reference to an object wherever its name is mentioned, regardless of the context in which this reference occurs).

Unselecting this option will cause a loss of links to virtual functions and therefore have a significant (negative) impact on the calculation of Automated Function Points.

Create accurate client / server links

Selecting this option will force the analyzer to find all method calls that target a database, and find all strings that eventually reach those calls. Any database link created from those strings is guaranteed to be correct. Without this option, all database links created from strings are not guaranteed to be correct (e.g. strings used in logs).

When selected, this option will automatically activate what was known as the Inference Engine in previous releases of CAST AIP (run time type information will be computed in order to simulate program behaviour during execution of the analyzer and thus identify additional links that would not otherwise be "discovered" using standard analysis techniques. This technology detects a reference to an object wherever its name is mentioned, regardless of the context in which this reference occurs).

String Concatenation

When Resolve virtual function calls or Create accurate client / server links is selected, this value (default = 15000) limits the number of strings that can be found during the search of each object value.

Note that limiting the number of strings can lead to incomplete results, however, performance is improved.
Procedure Call Depth

When Resolve virtual function calls or Create accurate client / server links is selected, this value (default value in ≤ 8.3.173000 and in ≥ 8.3.18 = 300) limits the number of intermediate values that the Inference Engine can resolve in order to obtain the type of the object that is being searched for.

  • Limiting the number of intermediate values will improve performance for certain applications where the default value is too high. For example, changing the value to 300 for Applications which ordinarily have a very long analysis time with the default value of 3000 in ≤ 8.3.17, will significantly reduce the analysis time. However, reducing the value can lead to less precise results, but this is usually an acceptable trade off, especially when the unsuccessful candidates are automatically linked to all overrides using the fallback mechanism that has been introduced in releases 1.0.14, 1.1.6 and 1.2.0-beta5 of the .NET Analyzer. The lowest value you can enter is 1.
  • For all Applications newly onboarded with ≥ 8.3.18 the value will be set to 300. For Applications that are upgraded from a previous release of AIP to ≥ 8.3.18, the previous value for this option will be retained to avoid impacting analysis results, therefore to benefit from improved performance, you will need to manually update the value to 300.
Allow extensions This option is active by default. If you have installed any extensions to support technologies such as WPF or WCF, then the extension will be called and run during the .NET analysis. If you would prefer to deactivate the extensions during a .NET analysis (for example to troubleshoot or to improve performance), unticking this option will do so. The extensions will not be called during the .NET Analysis.

Data to generate - Web parsing options

Add called files to selected files list Selecting this option will automatically add any files to the list of files selected for analysis that are called by files that you have already selected.
Add included files to selected files list Selecting this option will add any files to the analysis list that are included in files that you have already selected.
Maximal Complexity

This option enables you to manually enter a percentage which will refer to the m complexity of the analysis process.

  • A complexity percentage of 100 (default) corresponds to a maximum of 10,000 function analyses (function * context) for a given file.
  • A complexity percentage of 70 corresponds to a maximum of 7,000 function analyses (function * context) for a given file.
  • A complexity percentage of 0 corresponds to an unlimited analysis of all the called functions.

If the maximum number of function analyses is reached, this will be logged.

File analysis too complex. Next function calls will not be followed by a 
function analysis if the function has already been analyzed

When the limit is reached, links to the function will be created correctly, but links from the function will not be created.

You should alter the complexity percentage if your analyses are taking a long time to complete with the default setting of 100%. Changing the percentage to a lower figure will reduce the number of function analyses for a given file, thus improving performance. Remember though that doing will cause some links not to be created.

See the CAST Management Studio help for more information about this global option.

Dependency settings

If the CAST Delivery Manager Tool did not detect any inter-Analysis Unit dependencies (i.e. Discovered dependencies) then it will create a “global” default dependency between .NET and .NET. CAST highly recommends that this default rule is removed if the deployed package contains more than three Analysis Units. In addition, CAST highly recommends that you avoid creating a custom .NET > .NET rule if the deployed package contains more than three Analysis Units.

This global default rule can cause the creation of inaccurate links between objects which has a knock on effect on Quality Rule results and on Quality Rule results and on Transaction flow.