Programming Tools: Code Complexity Metrics
Recently, I was asked to maintain some old code and test some new code. Both tasks required that I understand the code with which I was working. Most of the time, these jobs are non-trivial due to the complexity of most code. At least four items can make things complex:
the obvious problem of understanding what is written
what the code is supposed to do, both at the macro and micro level
the environment in which the code is to run
the assumptions made about each of these things
A lot of tools are available to help sort out each of these issues. Few programs out there, however, try to measure the complexity of the code. I define complexity of code as the amount of effort needed to understand and modify the code correctly. As I explain in this article, computing complexity metrics often is a highly personal task. Also, few metrics have been shown to be of real value in determining the amount of effort needed to maintain or test code.
Performance metrics measure how well a valid program executes. Profiling tools fall into this category, and many tools are available. But for maintenance metrics, there are surprising few tools. Therefore, this column concerns creating a maintenance metric tool that measures complexity. It can be used as a prototype for general tools in other languages.
Maintenance metrics also are called static metrics because they are based on the source code. I subdivide maintenance metrics into formatting metrics and logical metrics. Formatting metrics deals with such things as indentation conventions, comment forms, whitespace usage, naming conventions and so on. Logical metrics deals with such things as the number of paths through a program, the depth of conditional statements and blocks, the level of parenthesization in expressions, the number of terms and factors in expressions, the number of parameters and arguments used and the like.
Complexity metrics depend on both of these types of maintenance metrics. For example, poor naming conventions can make any program hard to understand, and poor logical constructs can add to the difficulty of dealing with the code.
Another thing to notice is the number of factors that can be defined when measuring complexity. For example, you may find something easy to understand, while I may find it difficult. Given this, it would be presumptive of me to tell you how complex your code is. To solve this problem, I remembered how relational databases handle reporting.
If there is some way of finding elements of a program, putting them into a explicit context and then writing them to a row in a table, we then could use SQL-like facilities to analyze the data in any desired way. That said, we can cheat a little. While writing the records, standard metrics can be computed that may handle most needs.
The McCabe Cyclomatic Metric was introduced by Thomas McCabe in 1976. It probably is the most useful logical metric. It measures the number of linearly independent paths through a program. For example, for a simple function that has no conditionals, only one path exists. This straight-line code usually is easy to follow. Programs that have many conditionals, in turn, are harder to follow. The difficulty also increases if multiple ways of exiting the program exist. That is why it often is a headache to debug a program with many exits.
The McCabe metric is:
M = E - N + X
where M is the McCabe Cyclomatic Complexity (MCC) metric, E is the number of edges in the graph of the program, N is the number of nodes or decision points in the graph of the program and X is the number of exits from the program.
In programming terms, edges are the code executed as a result of a decision--they are the decision points. Exits are the explicit return statements in a program. Normally, there is one explicit return for functions and no explicit return for subroutines.
A simpler method of computing the MCC is demonstrated in the equation below. If D is the number of decision points in the program, then
M = D + 1
Here, decision points can be conditional statements. Each decision point normally has two possible paths.
MCC also is useful in determining the testability of a program. Often, the higher the value, the more difficult and risky the program is to test and maintain.
Some standard values of Cyclomatic Complexity are shown in Table 1:
Table 1. Standard Values of Cyclomatic Complexity
|Cyclomatic Complexity||Risk Complexity|
|1-10||a simple program, without much risk|
|11-20||more complex, moderate risk|
|21-50||complex, high risk|
|51+||untestable, very high risk|
One final word on MCC that also applies to most of the other metrics: each element in the formulae is assumed to have the same weight. In MCC's case, both branches are assumed to be equally complex. However, in most cases this is not the case. Think of the if statement with code for only one branch--yet each branch is treated as having the same weight. Also, measures of expressions are all the same, even for those that contain many factors and terms. Be aware of this and be prepared, if your tool gives you the ability, to add weight to different branches. This metric is called an Extended McCabe Complexity Metric.
- The Tiny Internet Project, Part I
- SUSECON 2016: Where Technology Reigns Supreme
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Free Today: September Issue of Linux Journal (Retail value: $5.99)
- Bitcoin on Amazon! Sort of...
- Android Browser Security--What You Haven't Been Told
- Epiq Solutions' Sidekiq M.2
- Securing the Programmer
- Machine Learning with Python
Pick up any e-commerce web or mobile app today, and you’ll be holding a mashup of interconnected applications and services from a variety of different providers. For instance, when you connect to Amazon’s e-commerce app, cookies, tags and pixels that are monitored by solutions like Exact Target, BazaarVoice, Bing, Shopzilla, Liveramp and Google Tag Manager track every action you take. You’re presented with special offers and coupons based on your viewing and buying patterns. If you find something you want for your birthday, a third party manages your wish list, which you can share through multiple social- media outlets or email to a friend. When you select something to buy, you find yourself presented with similar items as kind suggestions. And when you finally check out, you’re offered the ability to pay with promo codes, gifts cards, PayPal or a variety of credit cards.Get the Guide