[SystemSafety] McCabe¹s cyclomatic complexity and accounting fraud

Steve Tockey Steve.Tockey at construx.com
Wed Mar 28 22:07:47 CEST 2018 

All,
As I have said before,

³Software complexity is not a number, it is a vector²


Of course one can simply refactor code to reduce Cyclomatic Complexity and
yet the inherent complexity didn¹t go away. It just moved. But that¹s
kinda the whole point. Knowing that, can I call it, ³local complexities²
like Cyclomatic Complexity and Depth of Decision Nesting can be traded
for, can I call it, ³global complexities² like Fan Out, the developer¹s
goal should be to strike an appropriate balance between them. Not too much
local complexity balanced with not too much local complexity.

This is covered in a lot more detail in Appendix N of the manuscript for
my new book, available at:

https://www.dropbox.com/sh/jjjwmr3cpt4wgfc/AACSFjYD2p3PvcFzwFlb3S9Qa?dl=0




‹ steve




-----Original Message-----
From: systemsafety <systemsafety-bounces at lists.techfak.uni-bielefeld.de>
on behalf of Derek M Jones <derek at knosof.co.uk>
Organization: Knowledge Software, Ltd
Date: Wednesday, March 28, 2018 at 7:21 AM
To: "systemsafety at lists.techfak.uni-bielefeld.de"
<systemsafety at lists.techfak.uni-bielefeld.de>
Subject: Re: [SystemSafety] McCabe¹s cyclomatic complexity and accounting
fraud

Paul,

> There is the reported McCabe Complexity value for each function in a
> system. Yes, you can do things to reduce individual function complexity,
> and probably should. However, you then need to take the measure a step
> further. For every function that calls other functions, you have to sum
>the

I agree that the way to go is to measure a collection of functions
based on their caller/callee relationship.

This approach makes it much harder to commit accounting fraud and
might well produce more reproducible results.

> for the entire system on this basis. It becomes clear when you have too
>many
> functions with high complexity factors as it pushed up the average
>complexity
> value disproportionately. It still should not be the only measure though.

Where do the decisions in the code (that creates this 'complexity' come
from)?  The algorithm that is being implemented.

If the algorithm has lot of decision points, the code will contain
lots of decision points.  The measurement process needs to target the
algorithm first, and then compare the complexity of the algorithm with
the complexity of its implementation.  The code only needs looking at
if its complexity is much higher value than the algorithm.

-- 
Derek M. Jones           Software analysis
tel: +44 (0)1252 520667  blog:shape-of-code.coding-guidelines.com
_______________________________________________
The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE

More information about the systemsafety mailing list