Comparison of Roslyn Analyzers to SonarSource Analyzers

Please provide

Operating system: Windows 10 Enterprise v.20H2
IDE name and flavor/env: Visual Studio 2022 v.17.1.6
SonarLint plugin version: 6.4.1.47693
Is connected mode used: Not yet
    Connected to SonarCloud or SonarQube (and which version): –

And a thorough description of the problem / question:

I’ve just started using SonarLint for analyzing the code in some projects and I’ve seen some discrepancies between the “S” warnings that I get from SonarLint and the “CS*”, “CA*” from Visual Studio .Net Analyzers. Many seem the same, for example:

S4487 Remove this unread private field ‘Logger’ or refactor the code to use its value.
IDE0052 Private member ‘MyClass.Logger’ can be removed as the value assigned to it is never read

Others are given by one of the respective analysis tools, but not both, for example:
S2971 Drop ‘Where’ and move the condition into the ‘Count’
and
CA2254 The logging message template should not vary between calls to ‘LoggerExtensions.LogError(ILogger, string?, params object?)’

I’ve read here that

The SonarSource C# static code analyzer is a Roslyn analyzer.

My experience would suggest then that the .Net analyzers are not all Roslyn analyzers, which I can imagine to be true.

Linked question if that is the case: Can I activate all .Net Analyzers to be included in the SolarLint analysis?

So after some more research, I realize .Net analyzers are Roslyn analyzers. The ruleset is even posted here, so you can see exactly what you’ll get.

What I still don’t understand however is how Sonar inherits from this ruleset. I’ve compiled warnings and messages from my projects, and notice a large difference between the Roslyn analyzers set to Latest-All and the non-deprecated C# Sonar set. Roslyn for example is capable of picking up something like

CA1848 : For improved performance, use the LoggerMessage delegates instead of calling 'LoggerExtensions.LogWarning(ILogger, string?, params object?[])'

where I don’t find any equivalent in Sonar. Or in Sonar the following:

S1450 Remove the field '_logFactory' and declare it as a local variable in the relevant methods.

where I find no Roslyn equivalent. So clearly Sonar doesn’t implement the full Roslyn ruleset.

@Chris there isn’t a single, “full” Roslyn ruleset.

“Roslyn” is the name for the new C#/VB compiler framework. Amongst other things, the framework provides APIs that make it simple to implement new code analysis rules i.e. new Roslyn analyzers. What those rules do is entirely up to the author.

We have implemented a set of C#/VB analysis rules. as have Microsoft and dozens of other third parties. Some of our do rules do overlap with rules from other authors, including Microsoft. I’m not sure if we have a list showing the overlap; I’ll ask the team who own our .NET analyzers to comment.

2 Likes

Hi @duncanp,

Thanks for clarifying my question! I’m pretty new to Sonar, so when I first started using it, I assumed it was just an extension on top of the linked Microsoft ruleset because I saw so much overlap.

Looking forward to hearing more about any resources demonstrating relatedness between Sonar rulesets and others.