Cyclomatic complexity
Code static analysis
What is static analysis and why do we do it?
It is a type of code analysis performed without executing the code. It gives us metrics and insight about:
1. Code quality
2. Design
3. Vulnerabilities
4. Bugs
Static analysis types :
1. Code style
2. Security Linting
3. Error detection
4. Duplicate code detection
5. Secret Detection
6. Comment style
7. Unused code detection
8. Complexity
Cyclomatic complexity! Why?
It measures the complexity of a piece of code with a metric that is more accurate than sheer volume (lines of code).
Eventually we all aim to improve software quality:
1. Changeability
2. Testability
Some theory: McCabe's formula.
M = E - N + 2P
What does it mean?
1. E = the number of edges of the graph
2. N = the number of nodes of the graph
3. P = the number of connected components
M is, of course, the complexity we are trying to calculate.
If you connect your exit point back to your entry point (so that each component becomes strongly connected), the formula changes as follows:
M = E - N + P
Control Flow Graphs
A representation, in graph notation, of all paths that might be traversed through a program.
1. Each basic block is represented as a graph node
2. Jump targets start a block, jumps end a block
3. Jumps are represented as directed edges
A. Allows tracing execution that depends on given inputs without running the application
B. Trace data sinks back to their original source
C. Was the data sanitized several function calls ago? Trace the graph back and find out.
D. Helps to discover and build test cases
Complexity Case 1
IF - THEN - ELSE
Complexity Case 2
WHILE LOOP
Complexity Case 3
LOOP with BREAK point
Complexity Case 4
SWITCH CASE
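As an added example (not part of the original slides), the following Python evaluates McCabe's formula M = E - N + 2P on hand-built control-flow graphs for the four cases above, and checks it against the variant M = E - N + P obtained by linking every exit node back to the entry. The graphs, node names and the two-function module are all constructed here for illustration; they are not taken from any real tool's output.

```python
"""McCabe's cyclomatic complexity computed directly from a control-flow graph.

Added example for the four slide cases; all graphs below are constructed by hand.
"""
from typing import Dict, List, Tuple

Graph = Dict[str, List[str]]  # node name -> list of successor nodes (directed edges)


def count_nodes_edges(g: Graph) -> Tuple[int, int]:
    """N = distinct nodes (keys plus any successor), E = total directed edges."""
    nodes = set(g)
    for succs in g.values():
        nodes.update(succs)
    return len(nodes), sum(len(s) for s in g.values())


def connected_components(g: Graph) -> int:
    """P = number of weakly connected components (edge direction ignored)."""
    adj: Dict[str, set] = {}
    for u, succs in g.items():
        adj.setdefault(u, set())
        for v in succs:
            adj.setdefault(v, set())
            adj[u].add(v)
            adj[v].add(u)
    seen: set = set()
    components = 0
    for start in adj:
        if start in seen:
            continue
        components += 1
        stack = [start]
        while stack:
            node = stack.pop()
            if node not in seen:
                seen.add(node)
                stack.extend(adj[node] - seen)
    return components


def cyclomatic_complexity(g: Graph) -> int:
    """M = E - N + 2P on the graph as given (exits not linked to the entry)."""
    n, e = count_nodes_edges(g)
    return e - n + 2 * connected_components(g)


def cyclomatic_complexity_closed(g: Graph, entry: str, exits: List[str]) -> int:
    """Add an edge from every exit back to the entry, then apply M = E - N + P.

    With a single exit this adds exactly one edge, so the value must equal
    cyclomatic_complexity(g): the two formulas agree.
    """
    closed = {u: list(v) for u, v in g.items()}
    for x in exits:
        closed.setdefault(x, []).append(entry)
    n, e = count_nodes_edges(closed)
    return e - n + connected_components(closed)


# Case 1: IF-THEN-ELSE.            N=4, E=4, P=1  ->  M = 2
IF_THEN_ELSE: Graph = {
    "cond": ["then", "else"],
    "then": ["join"],
    "else": ["join"],
    "join": [],
}

# Case 2: WHILE loop.              N=3, E=3, P=1  ->  M = 2
WHILE_LOOP: Graph = {
    "cond": ["body", "exit"],
    "body": ["cond"],
    "exit": [],
}

# Case 3: loop with a BREAK.       N=5, E=6, P=1  ->  M = 3
LOOP_WITH_BREAK: Graph = {
    "cond": ["body", "exit"],
    "body": ["break_check"],
    "break_check": ["exit", "rest"],  # the break is a second way out of the loop
    "rest": ["cond"],
    "exit": [],
}

# Case 4: SWITCH, three cases + default.  N=6, E=8, P=1  ->  M = 4
SWITCH_CASE: Graph = {
    "switch": ["case_a", "case_b", "case_c", "default"],
    "case_a": ["join"],
    "case_b": ["join"],
    "case_c": ["join"],
    "default": ["join"],
    "join": [],
}

# Two unconnected functions in one module (hypothetical f and g): P=2, so M adds up (2 + 2 = 4)
TWO_FUNCTIONS: Graph = {
    "f.cond": ["f.then", "f.else"], "f.then": ["f.join"], "f.else": ["f.join"], "f.join": [],
    "g.cond": ["g.then", "g.else"], "g.then": ["g.join"], "g.else": ["g.join"], "g.join": [],
}

if __name__ == "__main__":
    for name, g in [("if-then-else", IF_THEN_ELSE), ("while", WHILE_LOOP),
                    ("loop+break", LOOP_WITH_BREAK), ("switch", SWITCH_CASE),
                    ("two functions", TWO_FUNCTIONS)]:
        print(f"{name:14s} M = {cyclomatic_complexity(g)}")
```

Each decision (the `cond` node, the `break_check` node, every extra `case`) adds one independent path, which is exactly one more test case you need for branch coverage; the break in case 3 is the one that is easy to forget when tracing where unsanitized data can leave a loop.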
Complexity up: less readability, harder to test, harder to maintain.
Complexity increases with the number of branches you give to your code.
What can I get from it?
By checking complexity per method/function and per class, I can get some insight into my code design. In fact, if a class has a high complexity it is possible that there is a violation of the Single Responsibility Principle. It is also likely to be harder for that class to respect the Open/Closed Principle.
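The per-function and per-class report described above, as an added example written for this page rather than the output of radon or ESLint: a small `ast`-based counter that starts every function at 1 and adds one for each decision point (`if`/`elif`, loops, `except` handlers, conditional expressions, comprehension loops and filters, `match` cases, and each extra operand of `and`/`or`). Class complexity is defined here, as a choice for this example, as the sum of its methods; the sample module, the `OrderProcessor` class and the threshold of 5 are all constructed for illustration.

```python
"""Per-function and per-class cyclomatic complexity report built on Python's ast module.

Added example; the counting rule is the usual decision-point approximation of
McCabe's metric, not the exact rule of any particular tool.
"""
import ast
from typing import Dict, List, Tuple

# ast.match_case only exists on Python >= 3.10; degrade gracefully on older versions
MATCH_CASE = getattr(ast, "match_case", None)
SIMPLE_DECISIONS = (ast.If, ast.For, ast.AsyncFor, ast.While, ast.ExceptHandler, ast.IfExp)


def function_complexity(fn: ast.AST) -> int:
    """Complexity of one function body; nested defs/classes are skipped (reported separately)."""
    complexity = 1
    stack = list(ast.iter_child_nodes(fn))
    while stack:
        node = stack.pop()
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
            continue
        if isinstance(node, SIMPLE_DECISIONS):
            complexity += 1
        elif isinstance(node, ast.comprehension):
            complexity += 1 + len(node.ifs)          # one for the loop, one per filter
        elif isinstance(node, ast.BoolOp):
            complexity += len(node.values) - 1       # a and b and c -> two short-circuit branches
        elif MATCH_CASE is not None and isinstance(node, MATCH_CASE):
            complexity += 1
        stack.extend(ast.iter_child_nodes(node))
    return complexity


class ComplexityVisitor(ast.NodeVisitor):
    """Collects (qualified name, complexity) for every function, method and class."""

    def __init__(self) -> None:
        self.results: List[Tuple[str, int]] = []
        self._scope: List[str] = []

    def _qualname(self, name: str) -> str:
        return ".".join(self._scope + [name])

    def visit_ClassDef(self, node: ast.ClassDef) -> None:
        qual = self._qualname(node.name)
        before = len(self.results)
        self._scope.append(node.name)
        self.generic_visit(node)                     # methods are appended by visit_FunctionDef
        self._scope.pop()
        depth = qual.count(".") + 1                  # direct members only, not nested functions
        members = [c for name, c in self.results[before:] if name.count(".") == depth]
        self.results.append((qual, sum(members)))    # class complexity = sum of its methods (choice made here)

    def visit_FunctionDef(self, node: ast.FunctionDef) -> None:
        self.results.append((self._qualname(node.name), function_complexity(node)))
        self._scope.append(node.name)
        self.generic_visit(node)                     # nested functions get their own entry
        self._scope.pop()

    visit_AsyncFunctionDef = visit_FunctionDef


def complexity_report(source: str) -> Dict[str, int]:
    """Parse a module's source and return {qualified name: complexity} in definition order."""
    visitor = ComplexityVisitor()
    visitor.visit(ast.parse(source))
    return dict(visitor.results)


def flag_hotspots(report: Dict[str, int], threshold: int) -> List[str]:
    """Names whose complexity exceeds the threshold: candidates for an SRP review."""
    return [name for name, c in report.items() if c > threshold]


# Constructed sample module: one trivial function, one if/elif/else, one class that does too much.
SAMPLE_SOURCE = '''
def is_even(n):
    return n % 2 == 0

def classify(x):
    if x < 0:
        return "negative"
    elif x == 0:
        return "zero"
    else:
        return "positive"

class OrderProcessor:
    def process(self, order):
        total = 0
        for item in order["items"]:
            if item["qty"] <= 0 or item["price"] < 0:
                raise ValueError("bad line")
            total += item["qty"] * item["price"]
        try:
            discount = order["discount"]
        except KeyError:
            discount = 0
        if discount and order["customer"] == "vip":
            total -= discount
        return total if total > 0 else 0

    def describe(self):
        return "OrderProcessor"
'''

if __name__ == "__main__":
    report = complexity_report(SAMPLE_SOURCE)
    for name, c in report.items():
        print(f"{name:26s} {c}")
    print("over threshold 5:", flag_hotspots(report, 5))
```

`OrderProcessor.process` validates input, totals lines, reads an optional discount and applies a customer rule, and the count shows it: the method alone carries most of the class's complexity, which is the signal the slides describe for a Single Responsibility Principle violation and the place where input validation is most likely to be missed on one of the branches.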
Avoid complexity: KISS
KEEP IT SIMPLE, STUPID
Try to keep it DRY!
DON'T REPEAT YOURSELF
Be SOLID
S.O.L.I.D.:
1. Single Responsibility Principle
2. Open/Closed Principle
3. Liskov Substitution Principle
4. Interface Segregation Principle
5. Dependency Inversion Principle
Links & References
JavaScript
1. http://jshint.com/
2. https://eslint.org/docs/rules/complexity.html
Python
1. http://radon.readthedocs.io/en/latest/commandline.html
2. https://www.fullstackpython.com/code-metrics.html
Nice links
https://medium.com/unbabel-dev/refactoring-a-python-codebase-using-the-single-responsibility-principle-ed1367baefd6
