Introduction
Cyclomatic Code Complexity was first introduced by Thomas McCabe in 1976. In 1976, Thomas McCabe published a paper arguing that code complexity is defined by its control flow. Since that time, others have identified different ways of measuring complexity (e.g. data complexity, module complexity, algorithmic complexity, call-to, call-by, etc.). Although these other methods are effective in the right context, it seems to be generally accepted that control flow is one of the most useful measurements of complexity, and high complexity scores have been shown to be a strong indicator of low reliability and frequent errors.
Overview
This measure provides a single ordinal number that can be compared to the complexity of other programs. It is one of the most widely accepted static software metrics and is intended to be independent of language and language format.
Code Complexity is a measure of the number of linearly-independent paths through a program module and is calculated by counting the number of decision points found in the code (if, else, do, while, throw, catch, return, break etc.).
Technical Specification
Cyclomatic Complexity for a software module calculated based on graph theory is based on the following equation:
CC=E-N+p
Where
- CC = Cyclomatic Complexity
- E = the number of edges of the graph
- N = the number of nodes of the graph
- p = the number of connected components
Further academic information on the specifics of this can be found here.
From a layman’s perspective the above equation can be pretty daunting to comprehend. Fortunately there is a simpler equation which is easier to understand and implement by following the guidelines shown below:
- Start with 1 for a straight path through the routine.
- Add 1 for each of the following keywords or their equivalent:
if, while, repeat, for, and, or.
- Add 1 for each
case in a switch statement.
Let’s look at a few examples to understand how the code complexity is calculated.
Example 1
public void ProcessPages()
{
while(nextPage !=true)
{
if((lineCount<=linesPerPage) && (status != Status.Cancelled) && (morePages == true))
{
}
}
}
In the code above, we start with 1 for the routine, add 1 for the while loop, add 1 for the if, and add 1 for each && for a total calculated complexity of 5.
Example 2
public int getValue(int param1)
{
int value = 0;
if (param1 == 0)
{
value = 4;
}
else
{
value = 0;
}
return value;
}
In the code above, we start with 1 for the routine, add 1 for the if, and add 1 for the else for a total calculated complexity of 3.
Members that have high code complexity should be reviewed for possible refactoring.
The SEI provides the following basic risk assessment based on the value of code:
| Cyclomatic Complexity | Risk Evaluation |
|---|
| 1 to 10 | a simple program, without very much risk |
| 11 to 20 | a more complex program, moderate risk |
| 21 to 50 | a complex, high risk program |
| > 50 | an un-testable program (very high risk) |
Tools
There are several free tools available which help one analyze the code complexity:
- devMetrics by Anticipating minds have a free community edition available for analyzing metrics for C# projects.
- Reflector Add-In: Code Metrics can be used to analyze .NET assemblies and show design quality metrics. This add-in is to be used in conjunction with Lutz Roeder’s Reflector.
Advantages
- It is very easy to compute as illustrated in the example.
- Unlike other complex measurements, it can be computed immediately in the development cycle (which makes it agile friendly).
- It provides a good indicator of the ease of code maintenance.
- It can help focus testing efforts.
- It makes it easy to find complex code for formal review.
