Tips » Application Code Quality » A Crash Course In Code Metrics

A Crash Course In Code Metrics

by Don Jones

When it comes to the question of code quality, metrics are something you'll spend a lot of time on. Coming up with a way of absolutely measuring the quality of a given application or piece of code is important because doing so also lets you measure improvements in quality. And quality isn't the only thing you'll want to measure; being able to measure code complexity and maintainability, for example, can help you focus development and testing efforts where they'll do the most good.

Cyclomatic complexity is one of the measurements often used in software development. It attempts to measure the absolute complexity of an application, on the theory that a more complex application will be harder to thoroughly test and maintain, and thus be more difficult to bring to a high level of quality. Essentially, cyclomatic complexity measures the number of paths that an application's code has. For example, an If statement has at least two paths, depending on the statement's criteria; a Switch construct may have several dozen paths. Actually coming up with a score for cyclomatic complexity is a complex process; you create a chart that illustrates all the potential paths in the application, then perform some impressive math based on elements in that chart. There's a nice illustration at http://en.wikipedia.org/wiki/Cyclomatic_complexity, but in reality, most of us just rely on automated code quality tools to examine our code and come up with a complexity score for us.

Other metrics are less math-based, especially metrics that relate more directly to quality. For example, one sign of a higher-quality application is source code that uses meaningful variable names, proper code formatting, and other elements. These elements contribute to quality because they help make the code easier to understand and maintain, which in turn tends to lead to fewer bugs. Although tools exist to directly measure these elements and generate a quality score, another approach is to use a source control repository that has rules regarding checked-in code. By defining rules that examine factors such as variable names and formatting, you can ensure that only compliant code enters the repository; by then, measuring the amount of checked-in code, you can get a feel for how much quality that code has, at least in the respects covered by your rules.

Other metrics focus on individual portions of code. For example, in today's world, object-oriented code is common. Object-oriented features such as inheritance can save time and effort during development, but they can also propagate bugs. Let's say you create a base class that performs some core functionality, then have one class that inherits from it. The base class isn't considered very risky because a bug in the base class only affects one inherited class. However, if you have 200 classes inheriting from the base, the base class becomes very risky because a bug in it can break 200 other pieces of code-which may themselves act as parents for other inheriting classes. There are automated tools that examine code and calculate these dependencies to help you focus testing efforts on those highly-depended-upon base classes that carry a higher level of risk.

Ultimately, one of the best gauges of quality can be the most difficult to actually figure out. In the end, an application's quality isn't determined by how many bugs it has, or how complex the code is, or any of those things. An application's quality is measured by how well it does the task for which it was written. If the application was written to a well-communicated set of requirements, the best quality measure is to simply examine how many of those requirements have been completely met by the final application. Having a solid set of requirements, then, can help drive not only application development but also better application quality by providing an objective, real-world yardstick that aligns with end-user expectations.

Don Jones has more than a decade of professional experience in the IT industry. He's the author of more than 30 IT books, including Windows PowerShell: TFM; VBScript, WMI, and ADSI Unleashed; Managing Windows with VBScript and WMI; and many more. He's a top-rated and in-demand speaker at conferences such as Microsoft TechEd and TechMentor, and writes the monthly Windows PowerShell column for Microsoft TechNet Magazine. Don is a multiple-year recipient of Microsoft's "Most Valuable Professional" (MVP) Award with a specialization in Windows PowerShell. Don's broad IT experience includes work in the financial, telecommunications, software, manufacturing, consulting, training, and retail industries and he's one of the rare IT professionals who can not only "cross the line" between administration and software development, but also between IT workers and IT management. Don is a co-founder of Concentrated Technologies, and serves as author and series editor for Realtime Publishers.