Confirm ASP.NET website binaries do not change after adding comments in source

Question

A member of my project team needs to add source code comments to many of his ASP.NET projects to provide better documentation. Some members of the project team recommend that we conduct thorough regression testing if we add any source code comments since there is a remote chance that some of the source code might inadvertently get commented out and cause a change in behavior of the program. We would also then be required to put the application through a management of change procedure and redeploy to our production server.

It seems to me that we should be able to add the the source code comments, recompile the source code, and use something like an md5 (or sha1) hash (using something like fciv) to compare the before and after DLLs to confirm that the source code comments did not impact the compiled version. Testing this concept with a simple console application, I see that the problem is that the hash of the binaries will change if the version of the DLL increments. If I could remove the manifest from the binaries, perhaps I could then conduct an apples to apples comparison of the binaries.

As an additional challenge, these ASP.NET applications use the ASP.NET website compilation model where the code is compiled dynamically (presumably into %SystemRoot%\Microsoft.NET\Framework\version\Temporary ASP.NET Files folder) the first time the site is visited rather than the web application model where all of the project code is compiled into a single assembly in a bin folder.

Any ideas?

Answer 1

hashing of assemblies doesn't work even if the version is made constant, after each compilation a unique guid embedded inside the assembly changes, this creates a different hash each time. Is it possible to change the application so that it is pre compiled?

There is a tool called bitdiffer that will compare assemblies and report any difference. As part of your integration testing you could run the tool against your new build and compare it to the build in production. this would ensure that only assemblies with code changes get released.

There is also a tool called ndepends that has an api for comparing assemblies. It's very cool!

Answer 2

Rohan West's answer (thanks Rohan!) led me to the bitdiffer comments which provided the following solution:

• Before adding code comments, re-create the code files from IL using Reflector and the Reflector.FileDisassembler add-in. This will generate a directory of source code files that contains the core source code only without comments.
• Add code comments.
• Create a second directory of generated source code files using Reflector and the Reflector.FileDisassembler add-in.
• Use a differencing tool such as WinMerge to compare the before and after generated source code directories and confirm that the source code comment changes did not change the core code.