[Mono-dev] New Gendarme Rules

Russell Morris russell at russellsprojects.com
Mon Apr 17 23:10:13 EDT 2006

Hello all,

I'm beginning to undertake some work on a few new Gendarme rules.  The
attached document outlines ideas for 5 new Gendarme rules I plan on
writing in the next week or two.  I'd appreciate it if some folks could
look over them and provide any suggestions or criticisms.  

Particularly, rules 4 and 5 concern safe usage of IDisposable objects.
I want to be able to catch non-disposal (4) and also potentially
premature disposal (5) scenarios.  However, neither rule should trip
code that either aggregates IDisposable objects as a part of its
lifetime, or participates in a chain of IDisposables (like an
implementation of Stream).


-------------- next part --------------
Gendarme Rules

1. DontDestroyExceptionStackTrace
  In .NET, an Exception object's .StackTrace is a snapshot of the stack 
  information that is available at the time the exception is thrown.
  This can be somewhat of a pain, as rethrowing an existing exception from
  within a catch block can potentially reset its .StackTrace, thus
  obfuscating the original source of the Exception itself.  The following
  code will reset a thrown Exception's stack trace:
    try {
      // do some stuff
    } catch(Exception ex) {
      // do some cleanup specific to this exception type, but
      // rethrow the exception because we can't fully recover
      throw ex;
  When you need to rethrow an exception, you really have two proper means by
  which you can do this without losing information about where the exception
  The first way is to use an 'implicit' throw from within the catch block:
    try {
      // ...
    } catch(Exception ex) {
      // ... 
  The second way is to construct a new Exception-derived instance to throw, and
  include the exception you caught as its .InnerException:
    try {
      // ...
    } catch(Exception ex) {
      // ...
      throw new MyException("[Error message]", ex);
  I think ensuring that Exceptions are properly rethrown (when they need to be) 
  is pretty important to maintainability.  Anyone who's ever had to dive into
  a call graph to find the source of a NullReferenceException that has had its
  stack trace destroyed will agree, I think :)
2. DontSwallowNonExceptionDerivedExceptions
  In the CLR, anything can be thrown as an exception - not just instances of 
  classes that derive from System.Exception.  It's an incredibly unfriendly 
  thing to do, but it can occur when integrating with managed or unmanaged 
  C++ code, or if the underlying system is capable (Win32 can barf up SEH 
  exceptions, for instance).  There may also be other .NET languages that
  allow the throwing of non Exception-derived objects, but I'm not aware of
  them.  You can catch these types of exceptions in C# code in blocks such as 
  the following:
  try {
  } catch {
    // ... will catch anything thrown, whether it's derived from
    // System.Exception or not.
  There's no exception-specific work you could do in a catch block like this, 
  because you've got no way of knowing what was thrown, or what it means other
  than 'bad'.  I believe that the majority of these 'naked' catch blocks are
  a result of programmers wanting a catch block for all exceptions, but not
  wanting to do any exception-specific cleanup.
  Catching and swallowing non System.Exception-derived exceptions is a bad 
  thing, I believe, because exceptions that nasty should really bubble up to
  the framework (they're not thrown for fun - they indicate something 
  extraordinarily bad has happenned).
  Of course, folks writing .NET code in languages like C++ that can happily 
  catch non Exception-derived exceptions should turn this type of rule off.  
  But I would suggest that, in the majority of cases, flagging this 'naked'
  catch block as an error is the appropriate response.
3. DontBeLazyLogIt
  Typically, any time you catch an Exception, it's worth logging as a DEBUG
  mode message.  This rule would inspect the instructions available in the
  catch{} block to ensure that the caught exception was being passed to some
  function call.  I think this would be a relatively unobtrusive and 
  effective way of ensuring that the exception wasn't silently swallowed.
  The following code would trip the rule:
    try {
      // ...
    } catch(Exception ex) {
      // silently swallow the exception
    try {
      // ...
    } catch(Exception ex) {
      // emit a braindead message that doesn't help anyone
      System.Console.WriteLine("Error occurred...");
  The following code blocks would not trip the rule, as the caught exception
  'ex' is either passed as an argument to a function, or is used to initialize
  the arguments passed to a function:
    try {
      // ...
    } catch(Exception ex) {
      // Still pretty lazy, but better
      System.Console.WriteLine("Error: " + ex.Message);
    try {
      // ...
    } catch(Exception ex) {
      // Much better
        "Error while trying to [blah...]",
4.  DisposeOfLocalIDisposables

  In general, it's a good idea to .Dispose() ( or .Close() ) on an object
  that implements IDisposable when you're done with it.  However, it's bad
  to be too enthusiastic, as such objects will sit around unusable until the
  GC decides to get ride of them.
  This rule will ensure that IDisposable instances that are provably local in
  scope are created in a try{} block, and Dispose()'d or Close()'d in the 
  adjoining finally{} block.

  The following code would trip the rule because it doesn't .Dispose()
  a provably-local IDisposable. (A FileStream is used in this example.  
  System.IO.Stream, unfortunately, explicitly implements 
  IDisposable.Dispose(), meaning that you'd have to explicitly cast to
  IDisposable before calling Dispose().  Stream.Close() is implemented as
  a synonym for .Dispose(), so the rule treats a call to .Close() as
  equivalent to a call to .Dispose()).
    FileStream fs = null;
    try {
      fs = new FileStream("/foo/bar.baz");
      //... do stuff
    } finally {
      if(fs != null) {

  Note that this rule would NOT be tripped if the newly created IDisposable
  was stored in a static or member variable, or if it was passed to a 
  function or a property setter.

5.  DontDisposeOfNonLocalDisposables
  On the flipside, it's usually a bad idea to Dispose() IDisposables if you
  aren't really sure everyone that could have a reference to it is done
  with it.
  The following code would trip this rule, because it disposes of
  an IDisposable instance that could potentially be referenced outside of
  this function's scope.
    FileStream fs = null;
    try {
      fs = new FileStream("/foo/bar.baz");
      //... do stuff
    } finally {
      if(fs != null) {
  Note that this rule would NOT be tripped if the IDisposable instance 
  whose .Dispose() was called was not created in this function.

More information about the Mono-devel-list mailing list