Code Audit
intermediate featureCode Audit
The Code Audit module ships 53 IL-level rules implemented via Mono.Cecil. It analyses your compiled assemblies (after Unity finishes the C# build), so the rules see what the C# compiler actually produced - boxing instructions, allocations, lifecycle pitfalls, async / threading misuse - rather than what the source seems to say.
Cecil package
Code Audit depends on the official Unity package com.unity.nuget.mono-cecil (1.10.2 or later). The first time you open the Code Audit tab, EDP installs the package automatically. Unity recompiles once, and the rule set lights up.
Rule buckets
| Bucket | Check id pattern | Count | Default state |
|---|---|---|---|
| Asmdef hygiene | EDP-CODE-ASMDEF-* | 5 | Enabled |
| Lifecycle / leak | EDP-CODE-LIFECYCLE-* | 8 | Enabled |
| API misuse | EDP-CODE-API-* | 10 | Enabled |
| Async / threading | EDP-CODE-ASYNC-* | 5 | Enabled |
| Performance | EDP-CODE-PERF-* | 15 | Enabled |
| Naming / convention | EDP-CODE-CONV-* | 10 | Disabled by default |
Asmdef hygiene
Five rules covering common asmdef misconfigurations: name mismatch (asmdef name doesn't match the file name), editor-only assembly leaking into runtime, duplicate names, empty assemblies, and missing folder for declared sources.
Lifecycle / leak
Eight rules catching MonoBehaviour patterns that leak memory or stall startup: empty Update / FixedUpdate / LateUpdate, FindObjectOfType / GameObject.Find at startup, DestroyImmediate at runtime, bare exception handlers, empty catch blocks, obsolete API usage, MaterialPropertyBlock leaks via instanced materials, allocations inside an Update body.
API misuse
Ten rules that detect API patterns proven harmful in real Unity projects: Physics overloads without a layer mask, FindObjectsByType with hidden inactive flag, Animator string-parameter setters, Invoke with a string method name, Resources.Load on a hot path, Parse without a culture provider, String.Compare without a culture provider, Debug.Log compiled into player builds, null checks against UnityEngine.Object inside Update, and similar.
Async / threading
Five rules: async void on non-event-handler signatures, fire-and-forget Task without await, raw new Thread on Unity APIs, async method without a CancellationToken parameter, blocking Task.Result / Wait().
Performance
Fifteen objective performance rules, all of them detecting allocations or expensive calls inside per-frame methods. Boxing in Update, Camera.main / Camera.allCameras in Update, GetComponent in Update, Find / FindObjectsByType in Update, LINQ in Update, Instantiate in Update, new T[] / new List<T>() in Update, StartCoroutine without caching the WaitForSeconds, transform.Find in Update, Vector3.magnitude where sqrMagnitude would do, animator string parameters in Update, string.Format in Update, Debug.Log in Update, Object null check in Update, MaterialInstance leak in Update.
Naming / convention
Ten style rules - shipped disabled by default per design decision D-033. Class / interface naming, private field naming (_camelCase), private static field naming (s_camelCase), const naming (UPPER_SNAKE or PascalCase depending on project preference), public method naming, public field on MonoBehaviour, multiple types per file, empty namespace, long method threshold. Enable a subset that matches your team's style guide; the rest stay quiet.
Why every Code Audit rule is Manual tier
None of the Code Audit rules ship an auto-fix. Source-code edits depend on intent: the right fix for an allocation in Update could be a cached reference, a coroutine, a per-frame ring buffer, or a redesign that removes the per-frame call entirely. EDP's contract is "auto-fix is 100% safe or downgraded to Manual" - and a code-edit guess is never 100% safe. Each rule's Why this matters / Safe fix / Risk panel describes the recommended remediation in prose so you can pick the right path.
Suggest an improvement
Help us improve this documentation page.