Support of Visual Basic .NET in SharpChecker Static Analyzer

This paper presents the implementation of static analysis for Visual Basic .NET (VB.NET) within the industrial tool SharpChecker. Leveraging the Roslyn compiler framework, VB.NET analysis was integrated into SharpChecker, enabling static code analysis for VB.NET projects. The process involved building support for VB.NET projects, creating a comprehensive test suite, implementing a source code indexer, and adapting existing analyzers to support VB.NET syntax nodes and operations. Evaluation of translated tests and real-world projects demonstrated production-acceptable analysis quality, paving the way for improved maintenance of VB.NET projects. Additionally, the study highlighted SharpChecker’s capability for cross-language analysis, showcasing its ability to handle mixed C# and VB.NET projects efficiently.

1. V. Koshelev, V. Ignatiev, A. Borzilov, and A. Belevantsev. SharpChecker: static analysis tool for C# programs. Programming and Computer Software, 43(4):268–276, 2017.

2. dotnet/roslyn: The Roslyn .NET compiler provides C# and Visual Basic languages with rich code analysis APIs.https://github.com/dotnet/roslyn. [Online, accessed 23.10.2021].

3. R. Baldoni, E. Coppa, D. C. D’elia, C. Demetrescu, and I. Finocchi. A survey of symbolic execution techniques. ACM Comput. Surv., 51(3), 2018. DOI: 10.1145/3182657. URL: https://doi.org/10.1145/3182657.

4. TIOBE Index for ranking the popularity of Programming languages. https://www.tiobe.com/tiobe-index, 2022.

5. Wikipedia contributors. List of tools for static code analysis — Wikipedia, the free encyclopedia, 2024. URL: https://en.wikipedia.org/w/index.php?title=List_of_tools_for_static_code_analysis&oldid=1218561224. [Online; accessed 15-April-2024].

6. W. Wei, M. Yunxiu, H. Lilong, and B. He. From source code analysis to static software testing. In 2014 IEEE Workshop on Advanced Research and Technology in Industry Applications (WARTIA), pages 1280–1283. IEEE, 2014.

7. A. Almossawi, K. Lim, and T. Sinha. Analysis tool evaluation: coverity prevent. Pittsburgh, PA: Carnegie Mellon University:7–11, 2006.

8. E. Firouzi and A. Sami. Visual studio automated refactoring tool should improve development time, but resharper led to more solution-build failures. In 2019 IEEE Workshop on Mining and Analyzing Interaction Histories (MAINT), pages 2–6. IEEE, 2019.

9. Resharper features. https://www.jetbrains.com/ru-ru/resharper/features/, 2022.

10. V. Lenarduzzi, F. Lomio, H. Huttunen, and D. Taibi. Are sonarqube rules inducing bugs? In 2020 IEEE 27th International Conference on Software Analysis, Evolution and Reengineering (SANER), pages 501–511. IEEE, 2020.

11. G. A. Campbell and P. P. Papapetrou. SonarQube in action. Manning Publications Co., 2013.

12. Common vulnerabilities. https://www.kiuwan.com/common-vulnerabilities/, 2024.

13. Vb.net static code analysis. https://rules.sonarsource.com/vbnet/, 2024.

14. Wikipedia contributors. Common intermediate language — Wikipedia, the free encyclopedia, 2024. URL: https://en.wikipedia.org/w/index.php?title=Common_Intermediate_Language&oldid=1218588686. [Online; accessed 16-April-2024].

15. V. N. Ignatiev, V. K. Koshelev, A. I. Borzilov, A. A. Belevantsev, N. V. Shimchik, and M. V. Belyaev. Detector of unreachable code in C# programs of the static analysis tool “SharpChecker”, 2017.

16. U. V. Tyazhkorob, V. N. Ignatiev, and A. A. Belevantsev. Finding uses of a disposed resource in source code in C# using static analysis methods. Proceedings of the Institute of System Programming RAS, 34(6):41–50, 2022.