25

Code lines per file, methods per class, cyclomatic complexity and so on. Developers resist and workaround most if not all of them! There is a good Joel article on it (no time to find it now).

What code metric(s) you recommend for use to automatically identify "crappy code"?

What can convince most (you can't convince all of us to some crappy metric! :O) ) of developers that this code is "crap".

Only metrics that can be automatically measured counts!

Kevin Panko
  • 8,356
  • 19
  • 50
  • 61
Dandikas
  • 2,426
  • 2
  • 24
  • 32

27 Answers27

35

Not an automated solution, but I find WTF's per minute useful.

WTF's Per Minute
(source: osnews.com)

Glorfindel
  • 21,988
  • 13
  • 81
  • 109
Tom Ritter
  • 99,986
  • 30
  • 138
  • 174
  • 4
    Sorry, I'm really interested in automatic solution ... your is the best I know that is not automated. – Dandikas Oct 09 '08 at 13:52
  • 21
    You could automate it with a WTF button that the reviewers press during code reviews: or really good speech recognition software. – DJClayworth Oct 09 '08 at 13:59
30

No metrics regarding coding-style are part of such a warning.

For me it is about static analysis of the code, which can truly be 'on' all the time:

I would put coverage test in a second step, as such tests can take time.

Do not forget that "crappy" code are not detected by metrics, but by the combination and evolution (as in "trend) of metrics: see the What is the fascination with code metrics? question.

That means you do not have just to recommend code metrics to "automatically identify "crappy code"", but you also have to recommend the right combination and trend analysis to go along those metrics.

On a sidenote, I do share your frustration ;), and I do not share the point of view of tloach (in the comments of another answers) "Ask a vague question, get a vague answer" he says... your question deserve a specific answer.

Community
  • 1
  • 1
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • +1 For "No metrics regarding coding-style are part of such a warning." This is one of those things where the people who need it most are the ones not doing it. – Gazzonyx Nov 30 '09 at 07:02
12

Number of warnings the compiler spits out when I do a build.

tloach
  • 8,009
  • 1
  • 33
  • 44
  • Fun, but I assume we want 0 warnings and other compiler messages. – Toon Krijthe Oct 09 '08 at 13:57
  • @Gamecat: I've worked with drivers that returned an integer that was actually a pointer to a struct somewhere else in memory. In that case, I'm not sure there is a way to avoid a warning of some sort... – tloach Oct 09 '08 at 14:31
  • THIS IS NOT AN ANSWER unless you specify what kind of warnings. Warnings depend on what kind of polices are enabled. This can produce completely different results on different machines without any code change! Please narrow your answer. – Dandikas Oct 10 '08 at 12:58
  • @Dandikas, Looks like others dont quite agree with you. I think in a general vague sense this is a valid answer, and it is automatically counted by the compiler. – mattlant Oct 11 '08 at 10:00
  • Is it possible to setup automated code check using this answer? ... The answer is equal to saying "Number of bad things in code" WHAT ARE the bad things!!!? Compiler spits what it is configured to spit. This answer does not tell what compiler should spit so it does not answer the question. – Dandikas Oct 11 '08 at 16:52
  • @Dandikas: Ask a vague question, get a vague answer. Language specific I could tell you to use -WALL, but that's only gcc. The type of warning is not generally important, if there is a warning then there is probably something risky going on. – tloach Oct 12 '08 at 09:43
12

Number of commented out lines per line of production code. Generally it indicates a sloppy programmer that doesn't understand version control.

polara
  • 4,862
  • 5
  • 24
  • 19
9

number of global variables.

tloach
  • 8,009
  • 1
  • 33
  • 44
  • 3
    I thought they went out together with the dinosaurs... – Treb Oct 09 '08 at 13:57
  • 1
    We like to imagine they did. In reality, even in something like C# where everything is in classes, I've still seen static public classes used as global variable collections. – Matthew Scharley Oct 09 '08 at 14:06
9

Developers are always concerned with metrics being used against them and calling "crappy" code is not a good start. This is important because if you are worried about your developers gaming around them then don't use the metrics for anything that is to their advantage/disadvantage.

The way this works best is don't let the metric tell you where the code is crappy but use the metric to determine where you need to look. You look by having a code review and the decision of how to fix the issue is between the developer and the reviewer. I would also error on the side of the developer against the metric. If the code is still popping on the metric but the reviewers think it is good, leave it alone.

But it is important to keep in mind this gaming effect when your metrics start to improve. Great, I now have 100% coverage but are the unit tests any good? The metric tells me I am ok, but I still need to check it out and look at what got us there.

Bottom line, the human trumps the machine.

Flory
  • 2,849
  • 20
  • 31
  • 1
    "The way this works best is don't let the metric tell you where the code is crappy but use the metric to determine where you need to look." That is exactly the idea. Useful +1 – Dandikas Oct 10 '08 at 06:13
  • Even more useful, observe how the metric changes over time. That way you're not calling people on a complexity line drawn in the sand but saying "your code is getting **more** complex" – Andy Dent Oct 05 '10 at 04:56
8

  • Non-existent tests (revealed by code coverage). It's not necessarily an indicator that the code is bad, but it's a big warning sign.

  • Profanity in comments.

Jon Skeet
  • 1,421,763
  • 867
  • 9,128
  • 9,194
  • Are you serious about the profinity thing? I do not see how it correlates to code quality. Maybe to the quality of the working environment... – Treb Oct 09 '08 at 13:47
  • 6
    Profanity usually means the one programmer is swearing at another - possibly on another project. It may mean that they've had to fix poor code in the same module, or that they've got to workaround bugs elsewhere. Either way it's worth knowing about. – Jon Skeet Oct 09 '08 at 14:45
  • Sometimes you have to interoperate with third-party products and technologies, which may lead to profanity in comments too. – Alex B Oct 11 '08 at 10:09
  • 1
    I've general found that profanity in comments indicates that the coder is rather dismissive of the project and not taking his job seriuosly. e.g. "// fix to handle the other s#!t" usually means he just hacked something together to close a bug report. – James Curran Aug 09 '10 at 19:29
7

Metrics alone do not identify crappy code. However they can identify suspicious code.

There are a lot of metrics for OO software. Some of them can be very useful:

  • Average method size (both in LOC/Statements or complexity). Large methods can be a sign of bad design.
  • Number of methods overridden by a subclass. A large number indicates bad class design.
  • Specialization index (number of overridden methods * nesting level / total number of methods). High numbers indicate possible problems in the class diagram.

There are a lot more viable metrics, and they can be calculated using tools. This can be a nice help in identifying crappy code.

Toon Krijthe
  • 52,876
  • 38
  • 145
  • 202
6
  • global variables
  • magic numbers
  • code/comment ratio
  • heavy coupling (for example, in C++ you can measure this by looking at class relations or number of cpp/header files that cross-include each other
  • const_cast or other types of casting within the same code-base (not w/ external libs)
  • large portions of code commented-out and left in there
Milan Babuškov
  • 59,775
  • 49
  • 126
  • 179
4

My personal favourite warning flag: comment free code. Usually means the coder hasn't stopped to think about it; plus it automatically makes it hard to understand, so ups the crappy ratio.

DJClayworth
  • 26,349
  • 9
  • 53
  • 79
  • That really depends on the code, imo. Imagine something like: for(Widget widget : widgets) { frobulator.frob(widget); } Does that REALLY need a comment that says "use frobulator to frob each widget in widgets"? – Adam Jaskiewicz Nov 14 '08 at 16:31
  • 1
    Yeah, but WHY are we frobbing the widgets? Didn't we do that in another module as well? What are the circumstances in which each module should be used? – CindyH Nov 20 '08 at 15:36
  • I know source code (in Pascal, BTW) with very few comments, but very easy to understand. No, it's not my own, but this is a rare case. On the other hand, I know useless (or worse) commenting styles, that seem to follow the only goal to get code commented. – Wolf Oct 07 '14 at 12:19
3

My bet: combination of cyclomatic complexity(CC) and code coverage from automated tests(TC).

CC | TC

 2 | 0%  - good anyway, cyclomatic complexity too small

10 | 70% - good

10 | 50% - could be better

10 | 20% - bad

20 | 85% - good

20 | 70% - could be better

20 | 50% - bad

...

crap4j - possible tool (for java) and concept explanation ... in search for C# friendly tool :(

Kevin Panko
  • 8,356
  • 19
  • 50
  • 61
Dandikas
  • 2,426
  • 2
  • 24
  • 32
  • @Dandikas: I think the Iterative Programming method falls apart due to human factors not due to technical capability. I've seen long running code with CC in the order of 67 without failure, but that it due to meta-programming not human code creation. – Ande Turner Oct 09 '08 at 14:02
  • I agree, but we can't measure human factor, and developers do not accept most of metrics ... I'm in search for something that can be automated, accepted by developers and can provide some warning to current code state. – Dandikas Oct 09 '08 at 14:09
  • Seems reasonable. However the CC levels seem fairly moderate for large scale programs I've seen, I'd say they seem ok for individual modules – Robert Gould Oct 09 '08 at 15:42
  • http://Crap4Net.codeplex.com and http://code.google.com/p/crap4n/ – David Laing Jan 02 '11 at 01:14
  • Thanx a lot David! ... 2 years passed since I was wandering where is .net implementation! I still believe C.R.A.P. is a good metric, will check links and write comment here! (this week I hope) ... Many thanx! – Dandikas Jan 11 '11 at 08:26
  • 1
    Kevin, the tool NDepend supports the CRAP metric and dozens of others code metrics over C# and any others .NET language. http://www.ndepend.com/DefaultRules/webframe.html?Q_C.R.A.P_method_code_metric.html – Patrick from NDepend team Jun 19 '12 at 14:05
3

At first sight: cargo cult application of code idioms.

As soon as I have a closer look: obvious bugs and misconceptions by the programmer.

bart
  • 7,640
  • 3
  • 33
  • 40
2

Number of worthless comments to meaningful comments:

'Set i to 1'
Dim i as Integer = 1
Bob King
  • 25,372
  • 6
  • 54
  • 66
  • I agree - but how would you determine the worthiness automatically? – Treb Oct 09 '08 at 13:54
  • 1
    I think it can be automated. We parse the program and create a set of possible descriptions of a certain piece of commented code. Then, we just need a good text correlation algorithm and pass the set of possible descriptions and the comment to them and get a measure of usefulness of the comment. :) – Tetha Oct 09 '08 at 14:25
2

I don't believe there is any such metric. With the exception of code that actually doesn't do what it's supposed to (which is a whole extra level of crappiness) 'crappy' code means code that is hard to maintain. That usually means it's hard for the maintainer to understand, which is always to some extent a subjective thing, just like bad writing. Of course there are cases where everyone agrees the writing (or the code) is crappy, but it's very hard to write a metric for it.

Plus everything is relative. Code doing a highly complex function, in minimal memory, optimized for every last cycle of speed, will look very bad compared with a simple function under no restrictions. But it's not crappy - it's just doing what it has to.

DJClayworth
  • 26,349
  • 9
  • 53
  • 79
2

Unfortunately there is not a metric that I know of. Something to keep in mind is no matter what you choose the programmers will game the system to make their code look good. I have seen that everywhere any kind of "automatic" metric is put into place.

StubbornMule
  • 2,720
  • 5
  • 20
  • 19
2

A lot of conversions to and from strings. Generally it's a sign that the developer isn't clear about what's going on and is merely trying random things until something works. For example, I've often seen code like this:

   object num = GetABoxedInt();
//   long myLong = (long) num;   // throws exception
   long myLong = Int64.Parse(num.ToString());

when what they really wanted was:

   long myLong = (long)(int)num;
James Curran
  • 101,701
  • 37
  • 181
  • 258
2
  • Watch out for ratio of Pattern classes vs. standard classes. A high ratio would indicate Patternitis
  • Check for magic numbers not defined as constants
  • Use a pattern matching utility to detect potentially duplicated code
Andrew not the Saint
  • 2,496
  • 2
  • 17
  • 22
  • Nice idea but how do you identify Pattern classes, unless someone is using the pattern name in the class name. There's also the possibility that they are legitimately mainly applying patterns - I've written stuff where almost all of the classes could be called "pattern classes" because they were all participants in Composite, Visitor or Observer patterns. – Andy Dent Oct 05 '10 at 04:55
2

I am surprised no one has mentioned crap4j.

Eric Weilnau
  • 5,370
  • 4
  • 30
  • 30
1

Sometimes, you just know it when you see it. For example, this morning I saw:

void mdLicense::SetWindows(bool Option) {
  _windows = (Option ? true: false);
}

I just had to ask myself 'why would anyone ever do this?'.

Marc Bernier
  • 2,928
  • 27
  • 45
0

Well, there are various different ways you could use to point out whether or not a code is a good code. Following are some of those:

  1. Cohesiveness: Well, the block of code, whether class or a method, if found to be serving multiple functionality, then the code can be found to be lower in cohesiveness. The code lower in cohesiveness can be termed as low in re-usability. This can further be termed as code lower in maintainability.

    1. Code complexity: One can use McCabe cyclomatic complexity (no. of decision points) to determine the code complexity. The code complexity being high can be used to represent code with less usability (difficult to read & understand).

    2. Documentation: Code with not enough document can also attribute to low software quality from the perspective of usability of the code.

Check out following page to read about checklist for code review.

Ajitesh
  • 956
  • 10
  • 14
0

TODO: comments in production code. Simply shows that the developer does not execute tasks to completion.

n002213f
  • 7,805
  • 13
  • 69
  • 105
  • 1
    I hate them because they should be in the issue tracking system. It's OK to make an engineering decision to postpone something but that fact should be out of the code. OTOH you could read the presence of lots of TODO comments in code as a judgement on the quality of the issue tracking system! – Andy Dent Oct 05 '10 at 04:57
0

Code coverage has some value, but otherwise I tend to rely more on code profiling to tell if the code is crappy.

Danimal
  • 7,672
  • 8
  • 47
  • 57
0

Ratio of comments that include profanity to comments that don't.

Higher = better code.

Rich Bradshaw
  • 71,795
  • 44
  • 182
  • 241
  • Could be automated: You can measue F***Cs/LOC and S**Ts/LOC (regex is your friend). Should give at least a good approximation of the general profanity. As for the usefulness, well... – Treb Oct 09 '08 at 14:07
0

Lines of comments / Lines of code

value > 1 -> bad (too many comments)

value < 0.1 -> bad (not enough comments)

Adjust numeric values according to your own experience ;-)

Treb
  • 19,903
  • 7
  • 54
  • 87
  • Depends, if you're using comments to document code (doxygen), or if you automatically insert comments to track changes, then your number of comments could easily be higher than LOC. – tloach Oct 09 '08 at 13:58
  • You're right - so the values would need to be adjusted according to the circumstances. And nobody has time for this... – Treb Oct 09 '08 at 14:03
  • 2
    Furthermore, there are persons who say: most comments in code are a code smell and the code should be refactored to be more readable. Those people would say: a value of 0 is the best ;) – Tetha Oct 09 '08 at 14:26
  • 1
    Yes, I know, I just don't buy it. I am getting less and less verbose with my comments, but some comments (for example for people who do not know the project yet) are necessary IMHO. – Treb Oct 09 '08 at 14:30
0

I take a multi-tiered approach with the first tier being reasonable readability offset only by the complexity of the problem being solved. If it can't pass the readability test I usually consider the code less than good.

Scott Dillman
  • 821
  • 1
  • 9
  • 16
0

Methods with 30 arguments. On a web service. That is all.

kprobst
  • 16,165
  • 5
  • 32
  • 53
-1

This hilarious blog post on The Code C.R.A.P Metric could be useful.