excuse me but...your code smells

Upload: cast

Post on 20-Aug-2015

TRANSCRIPT

Page 1: Excuse Me But...Your Code Smells

EXCUSE ME BUT…YOUR CODE SMELLS

Unlike touch and taste, the sense of smell can detect odors from a distance. This certainly comes in handy to prevent us from eating something poisonous, or giving advance warning of danger in our environment.

So what does this have to do with code?

For over 20 years, software engineers have used code smells to detect problems in their source code. Why? Because smells are early warnings!

A code smell is any symptom in the source code of an application or system that indicates a deeper problem, such as weaknesses in design or system vulnerabilities that may increase the risk of future failures.

DON’T TAKE IT PERSONALLY

A human nose can detect over 10,000 different smells!

A code smell hints that something is wrong in the source code that runs your system. Good software engineers employ automated code smelling tools such as code quality analysis to detect, identify, and track down these potential weaknesses in their code.

Functional testing is not enough.

Functional testing only evaluates a system's compliance with its specified requirements, while automated tools examine the actual code to highlight weaknesses and identify high-value targets for refactoring. According to Capers Jones, “A synergistic combination of formal inspections, static analysis, and formal testing can achieve combined defect removal efficiency levels of 99%.”

WHAT’S IN A CODE SMELL?

Kent Beck coined the term Code Smell - Refactoring: Improving the Design of Existing Code

Like the seven primary smells that your nose can identify, code smells can be classified to help you understand the type of issues that may be present in source code.

Research indicates that code smells correlate to maintainability and production issues, which means detecting code smells prior to releasing code into production helps improve system maintainability and reliability.

Therefore, automatic detection of code smells is a valuable early warning system that can benefit virtually every development organization.

OH MY….WHAT’S THAT SMELL?

7 Types of Smells
• Camphoric (Mothballs)
• Musky (Perfume)
• Roses (Floral)
• Pepperminty
• Ethereal (Dry Cleaning Fluid)
• Pungent (Vinegar)
• Putrid (Rotten Eggs)

7 Examples of Code Smells
• Duplicated code
• Long methods
• Large class
• Too many parameters
• Inappropriate intimacy
• Contrived complexity
• Excessively long identifiers

Code smells can be detected by a static code quality agent that can read source code. The agent builds a representation of the code, then checks it against a set of patterns.

HOW TO SMELL YOUR CODE

[Figure: code quality indicators (Size, Complexity, Best Practices, Stability, Maintainability) rated on a Poor / Good / Excellent scale]

The agent looks at the occurrences of bad code patterns. The presence of one instance of a pattern doesn’t mean the code smells; however, many occurrences may trigger a threshold that indicates the code is starting to smell.

The agent aggregates the results of the pattern detection and generates code quality metrics (e.g., number of lines of code, comment density, code complexity). These metrics and indicators are used to determine how much and what type of risky behaviors have been detected in the code.
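A minimal sketch of the detection loop described above, as an added example that is not CAST's code and not part of the original slides. Python's `ast` module builds the representation and two of the listed smells (too many parameters, long methods) serve as the patterns; the thresholds, function names and sample input are assumptions made for illustration.

```python
import ast
import io
import tokenize

# Thresholds are assumptions for this example, not values from the page.
MAX_PARAMS, MAX_FUNC_LINES, SMELL_THRESHOLD = 5, 30, 2
BRANCHES = (ast.If, ast.For, ast.While, ast.ExceptHandler, ast.BoolOp, ast.IfExp)

def find_smells(tree):
    """Check the parsed representation (the AST) against a set of patterns."""
    hits = []
    for node in ast.walk(tree):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        a = node.args
        if len(a.posonlyargs) + len(a.args) + len(a.kwonlyargs) > MAX_PARAMS:
            hits.append(("too_many_parameters", node.name, node.lineno))
        if node.end_lineno - node.lineno + 1 > MAX_FUNC_LINES:
            hits.append(("long_method", node.name, node.lineno))
    return hits

def metrics(source, tree):
    """Aggregate the metrics the page names: size, comment density, complexity."""
    loc = sum(1 for line in source.splitlines() if line.strip())
    tokens = tokenize.generate_tokens(io.StringIO(source).readline)
    comments = sum(1 for tok in tokens if tok.type == tokenize.COMMENT)
    branches = sum(isinstance(n, BRANCHES) for n in ast.walk(tree))
    density = round(comments / loc, 2) if loc else 0.0
    return {"loc": loc, "comment_density": density, "complexity": 1 + branches}

def analyze(source):
    """Parse, match patterns, aggregate; one hit alone does not flag the code."""
    tree = ast.parse(source)
    hits = find_smells(tree)
    return {**metrics(source, tree), "hits": hits,
            "smells": len(hits) >= SMELL_THRESHOLD}

# Constructed sample input: one function with seven parameters.
SAMPLE = '''\
# constructed sample module
def transfer(src, dst, amount, currency, memo, audit, retry):
    if amount > 0 and src != dst:
        for attempt in range(retry):
            if audit:
                return True  # audited path
    return False
'''

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

The sample produces one pattern hit, which stays below the threshold, so the report records the hit without flagging the module.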

The annual impact of bad software is estimated to be $59 billion and over 90% of the vulnerabilities that cause these defects are in source code.

Analyzing critical systems to detect code smells prior to release provides benefits well beyond simple functional testing. Automated code smell detection is a fast, reliable risk reduction tool that should be applied to all critical systems to ensure early identification of potential issues and prevent costly system outages and repair efforts.

THE IMPORTANCE OF SMELL

Early Warning Indicators

Recent high-profile IT failures that may have benefitted from code-smelling.

MY CODE STINKS…NOW WHAT?

Transparency into the state of critical systems is difficult, yet crucial to any organization. Once you’ve scanned your critical systems, the next step is to determine root cause. Code can go bad at many levels – programmer, process, architectural, and even organizational. The key is that by analyzing and measuring your code regularly you have the visibility and facts needed to isolate root cause.

Bad things happen to good code.

Even great code will start to smell bad over time as fixes and enhancements are introduced into the code base. However, there are simple precautions you can take to detect potential vulnerabilities early.

Gain Visibility & Monitor Regularly

WAKE UP AND SMELL YOUR CODE!

Mission-critical applications come with risks that have significant business consequences. The conditions that produce these risks grow steadily worse as applications become larger and more complex and as demand from the market to be more agile to compete increases. These are perfect conditions that lead to headline-making disasters and end careers.

You must find ways to control the internal quality of your systems. Identifying code smells through automated code quality analysis is a scalable and effective method to monitor critical systems evolution, improve maintainability, and reduce the likelihood of production outages.

Identify & Prevent Risk

START SMELLING LIKE A ROSE

Get visibility – Chances are you have no idea what your code smells like. Have your teams perform code quality analysis to establish a baseline of internal structural quality.

Monitor – Insist that product teams regularly measure and report on the internal quality of mission critical systems. Require clear plans to mitigate these vulnerabilities.

Communicate – Use this information as the foundation of a continuing dialogue with your team to close process gaps and develop needed skill sets.

Ask CAST for help – We’ve been helping clients prevent bad code from impacting good businesses for over 15 years.

Try CAST HIGHLIGHT!

www.casthighlight.com/demo

Rapid Application Portfolio Analysis