{{ vc_btn:title=SOFTWARE+RESILIENCY&style=flat&color=black&i_icon_fontawesome=fa+fa-shield&add_icon=true&link=url%3Ahttp%253A%252F%252Fdoc.casthighlight.com%252Fsoftware-resiliency%252F%7C%7C%7C }} {{ vc_btn:title=BEST+PRACTICES&style=outline&color=black&i_icon_fontawesome=fa+fa-code&add_icon=true&link=url%3Ahttp%253A%252F%252Fdoc.casthighlight.com%252Fcategory%252Fproduct%252Findicators-methodology%252Fcode-insights%252Fsoftware-resiliency%252Fbest-practices%252F%7C%7C%7C }} Why you should care Specifically in Scala, use of return statement could interfer with the expected result. It's recommended to use an implicit return which is a native feature in scala language. How we detect This Code Insight counts one occurrence each time 'return' statement is encountered:   Noncompliant [...]

{{ vc_btn:title=SOFTWARE+RESILIENCY&style=flat&color=black&i_icon_fontawesome=fa+fa-shield&add_icon=true&link=url%3Ahttp%253A%252F%252Fdoc.casthighlight.com%252Fsoftware-resiliency%252F%7C%7C%7C }} {{ vc_btn:title=BEST+PRACTICES&style=outline&color=black&i_icon_fontawesome=fa+fa-code&add_icon=true&link=url%3Ahttp%253A%252F%252Fdoc.casthighlight.com%252Fcategory%252Fproduct%252Findicators-methodology%252Fcode-insights%252Fsoftware-resiliency%252Fbest-practices%252F%7C%7C%7C }} Why you should care Whenever null seems like a good idea, use Option instead. As far as types are concerned, null is a bit of a lie: val s: String = null The compiler believes s to be a String and will accept it wherever one is required. The compiler is, obviously, wrong: s.toLowerCase // [...]

For code readability purpose, prefer using switch if there are three or more options in a if.

For security purpose, developers should not leave phpinfo() in production code, as it displays information which can be used to compromise the server that your site is running on.

Overring methods is a very powerfull way of factoring the code and produce complete fonctionnalities. However useless overriding methods can be a problem for the simplicity of the source code.

THE CODE CONTAINS TOO MANY UPPERCASE CONTROL STRUCTURE KEYWORDS

Developers should avoid using deprecated constructors. Since PHP5, constructor should be named __construct.

For better code maintainability, functions, interfaces and classes should end with a comment.

Every function that throws exceptions must have a throw tag.

Complying with naming conventions make the source code easier to ready and so to maintain. Function names should start with an upper case and should not contain underscores OR should start with a lower case (but can contain underscores).

Unnecessary final modifiers inside final classes should be avoided. Final modifier prevents child classes from overriding a method by prefixing the definition with final. If the class itself is being defined final then it cannot be extended and the modifier is useless.

When __get() are declared, __set() shoud be declared as well.

Complying with naming conventions make the source code easier to ready and so to maintain. Class names should start with an upper case.

Because force casting (as!) does not perform any type safety validations, it is capable of performing dangerous conversions between unrelated types. When the types are truly unrelated, the cast will cause a system crash.

Prefer using an expression body for functions with the body consisting of a single expression.

Abstract classes can have public constructors, and this is required in some particular cases. But a public constructor means that the class can be instantiated directly while, by design, abstract classes are aimed to not be instantiable.

Short variable declarations (:=) should be used if a variable is being set to some value explicitly.

If the receiver of a method is unused, do not give it a name. It’s more readable because it’s clear that the receiver is not used in method.

Use &T{} instead of new(T) when initializing struct references so that it is consistent with the struct initialization.

When switch statements have large sets of case clauses, it is usually an attempt to map two sets of data. A real map structure would be more readable and maintainable, and should be used instead.

Overriding a variable declared in an outer scope can strongly impact the readability, and therefore the maintainability, of a piece of code. Further, it could lead maintainers to introduce bugs because they think they’re using one variable but are really using another.

The distinction between the variable types created by var and by let is significant, and a switch to let will help alleviate many of the variable scope issues which have caused confusion in the past.
This code insight will trigger when var is used instead of const or let.

Continuing a string across a linebreak is supported in most script engines, but it is not a part of ECMAScript. Additionally, the whitespace at the beginning of each line can’t be safely stripped at compile time, and any whitespace after the slash will result in tricky errors.

The logical OR operator (||) will not work in a switch case as one might think, only the first argument will be considered at execution time.

Switch can contain a default clause for various reasons: to handle unexpected values, to show that all the cases were properly considered.
For code readability purpose, to help a developer to quickly find the default behavior of a switch statement, it is recommended to put the default clause at the end of the switch statement. This rule raises an issue if the default clause is not the last one of the switch’s cases.

Since object members may contain other members, it’s not uncommon to see patterns such as window.location.href in JavaScript code. These nested members cause the JavaScript engine to go through the object member resolution process each time a dot is encountered.
Reducing the dotation usage can win 50% of the time consumed by this function.

Hard coding a URI makes it difficult to test a program: path literals are not always portable across operating systems, a given absolute path may not exist on a specific test environment, a specified Internet URL may not be available when executing the tests, production environment filesystems usually differ from the development environment, …etc. For all those reasons, a URI should never be hard coded. Instead, it should be replaced by customizable parameter.
Further even if the elements of a URI are obtained dynamically, portability can still be limited if the path-delimiters are hard-coded.

This code insight triggers only when URL or path delimiters are hard coded. URL security aspect is checked through CloudReady patterns.

The use of Swift 2.0’s try! lets you execute code that might throw an exception without using the do and catch syntax normally required for such code. By using it, you’re guaranteeing that the executed code will never fail. But there might be some exceptions… And when it does fail, the program will exit abruptly, probably without cleaning up after itself.

It can be confusing to have a class member with the same name (case differences aside) as its enclosing class, especialy when considering the common practice of naming a class instance for the class itself.
Best practice dictates that any field or member with the same name as the enclosing class be renamed to be more descriptive of the particular aspect of the class it represents or holds.

USE == INSTEAD OF ?: WHEN DEALING WITH NULLABLE BOOLEAN

Private methods that are never executed are dead code: unnecessary, inoperative code that should be removed. Cleaning out dead code decreases the size of the maintained codebase, making it easier to understand the program and preventing bugs from being introduced.

In Kotlin, “if” and “when” returns a value, and so can be used as expression. When possible, prefer using the expression form.

The return keyword is relative to the nearest enclosing function (or anonymous function). So for returning from lambda, a labeled return is needed. But as recommended by official Kotlin coding convention, do not use a labeled return for the last statement in a lambda. Prefer lambda mechanism based on implicit return of the last expression used. If you need explicit return, then for a lambda you would have to use a heavy labeled return syntax. So in this case, prefer converting the lambda into anonymous function that use a simple return syntax.

is needlessly complex to invert the result of a boolean comparison. The opposite comparison should be made instead. This is furthermore the case in compound conditions.

The return keyword is relative to the nearest enclosing function (or anonymous function). So for returning from lambda, a labeled return is needed. But as recommended by official Kotlin coding convention, avoid using multiple labeled returns in a lambda. Consider restructuring the lambda so that it will have a single exit point. If that’s not possible or not clear enough, consider converting the lambda into an anonymous function.

You should not ignore exceptions. It can be tempting to be lazy when catching exceptions and do something like this: (see example below).

Elvis operator ?: is an syntactic sugar for if (!x) { x=something }. Prefer Elvis notation for readability considerations.

Groovy support dynamic types, that is declarations where the type is def or unspecified.

Correctly updating a static field from a non-static method is tricky to get right and could easily lead to bugs if there are multiple class instances and/or multiple threads in play. Ideally, static fields are only updated from synchronized static methods.

Reassigning parameter of function to a new value within the body of the method/closure, is a confusing and questionable practice. Use a temporary variable instead.

Nested for loops are not a good practice because for loops are using an increment to cover a range, and nested for loops are meant to cover a two dimensional range, leading to a O(n2) algorithm. Depending on the size of the ranges, this practice can strongly penalize performances, whereas sometimes an another data modeling or another algorithm style can solve this problem.

A program should never call finalize explicitly, except to call super.finalize() inside an implementation of finalize(). In mobile code situations, the otherwise error prone practice of manual garbage collection can become a security threat if an attacker can maliciously invoke one of your finalize() methods because it is declared with public access. If you are using finalize() as it was designed, there is no reason to declare finalize() with anything other than protected access.

Destructuring assignment are a practical sugar syntax, but due to dynamic typing, ommitting the parentheses lead to a syntactically correct, but however functionnally incorrect, implementation.

If a method is called and the last parameter is an inline closure then it can be declared outside of the method call parentheses, to comply with Groovy style programming.

The number of files declared in the FILE-CONTROL should not be excessive.

COMPUTE verb should be restricted to usage in combination with the ROUNDED clause or a function call or for complex computing expression.

As much as possible, developers should always terminate paragraph labels with a dot.

For code readability purpose, developers should always align end keywords with the corresponding instruction. The END-xxx keywords should be aligned on the same column the instruction they are related to.

While describing a PICTURE, once the length of a sequence exceeds 3 characters, use the factorized notation. Edition pictures (presence of Z) are not concerned.

For code readability purpose, avoid initializations with 0 or spaces.

When creating a new data level, do not add 1 to the previous level. Having not contigus level is easier for inserting an intermediate level later, if needed.

For readability purpose, avoid using perform with a paragraph higher in the code.

Avoid dangerous file usage patterns. File management contains dangerous usage patterns.

Paragraphs having the same name is ambigous, and should be strongly avoided.

In a cobol file, area A (the first four columns) are reserved for divions, sections names, paragraph names and level 01 data declaration.

In TypeScript there are several ways to declare an optional property, i.e. a property which might be missing from an object: adding “| undefined” in the property type or adding “?” after its name. The latter is preferred as it brings more clarity and readability to a code.

Creating a new Error without actually throwing it is useless and is probably due to a mistake.

For code readability purpose, if a property initializer is a scalar value or the return type can be clearly inferred from the body then it can be omitted.

You should almost always specify field names when initializing structs. This is now enforced by go vet.

There is no reason to re-assign a variable to itself. Either this statement is redundant and should be removed, or the re-assignment is a mistake and some other value or variable was intended for the assignment instead.

Using the same value on either side of a binary operator is almost always a mistake. In the case of logical operators, it is either a copy/paste error and therefore a bug, or it is simply wasted code, and should be simplified. In the case of bitwise operators and most binary mathematical operators, having the same value on both sides of an operator yields predictable results, and should be simplified.

A chain of if/else if statements is evaluated from top to bottom. At most, only one branch will be executed: the first one with a condition that evaluates to true.

Dead code are instructions that can never be reached. Obvious dead code are instructions that follow unconditional jumps in the same statement block.
Dead code could just be deactivated functionalities, but in this case, it should not be present in production.

This rule applies whenever an if statement is followed by one or more else if statements; the final else if should be followed by an else statement.
The requirement for a final else statement is defensive programming.

The else statement should either take appropriate action or contain a suitable comment as to why no action is taken. This is consistent with the requirement to have a final default clause in a switch statement.

The use of increment and decrement operators in method calls or in combination with other arithmetic operators is not recommended

Nested switch structures are difficult to understand because you can easily confuse the cases of an inner switch as belonging to an outer statement. Therefore nested switch statements should be avoided.

Merging collapsible if statements increases the code’s readability.

The with statement in javascript inserts an object at the front scope chain, so any property/variable references will first try to be resolved against the object. This is often used as a shortcut to avoid multiple long references.

While most script engines support Function Declarations within blocks it is not part of ECMAScript (see ECMA-262, clause 13 and 14). Worse implementations are inconsistent with each other and with future EcmaScript proposals. ECMAScript only allows for Function Declarations in the root statement list of a script or function. Instead use a variable initialized with a Function Expression to define a function within a block.

For several reasons detailed in references, using finalizers is not recommended.

Ending switch branches with ‘breaks’ helps the code be more consistent, functional, and easier to debug. This allows developers in different teams navigate the code easier and be more productive in the development process. Lack of breaks makes the code difficult for other developers to understand.

Modifying builtins like Object.prototype and Array.prototype are strictly forbidden. Modifying other builtins like Function.prototype is less dangerous but still leads to hard to debug issues in production and should be avoided.

Functions should not be defined with a variable number of arguments. Varargs methods are a convenient way to define methods that require a variable number of arguments, but they should not be overused. They can produce confusing results if used inappropriately.

The difference between private and protected visibility is that child classes can see and use protected members, but they cannot see private ones. Since a final class will have no children, marking the members of a final class protected is confusingly pointless.

Loop counters shall not be modified in the body of the loop. However other loop control variables representing logical values may be modified in the loop, for example a flag to indicate that something has been completed, which is then tested in the for statement.

Because the equals method takes a generic Object as a parameter, any type of object may be passed to it. The method should not assume it will only be used to test objects of its class type. It must instead check the parameter’s type.

catch clause that only rethrows the caught exception has the same effect as omitting the catch altogether and letting it bubble up automatically, but with more code and the additional detrement of leaving maintainers scratching their heads.
Such clauses should either be eliminated or populated with the appropriate logic.

Although this is sometimes unavailable, nesting try/catch blocks severely impacts the readability of the source code as it makes it difficult to understand which block will catch which exception.

The switch statement should be used only to clearly define some new branches in the control flow. As soon as a case clause contains too many statements this highly decreases the readability of the overall control flow statement. In such case, the content of the case clause should be extracted into a dedicated method.

When a function is to be invoked immediately, the entire invocation expression should be wrapped in parents. Wrapping an immediate function invocation in parentheses is usefull to assist the reader in understanding that the expression is the result of a function, and not the function itself.

Although JavaScript allows to declare multiple variables in a single chain, it is recommended to declare each variable separately as it is easier to read and reduce the risk of unexpected behaviors in some cases.

Using return, break, throw, and continue from a finally block overwrites similar statements from the suspended try and catch blocks.

SWITCH statements are useful when there are many different cases depending on the value of the same expression. However, code will me more readable with IF statements for one or two cases.

“equals” as a method name should be used exclusively to override Object.equals(Object) to prevent any confusion. It is tempting to overload the method to take a specific class instead of Object as parameter, to save the class comparison check. However, this will not work as expected when that is the only override.

Testing for loop termination using an equality operator (== and !=) is dangerous, because it could set up an infinite loop. Using a broader relational operator instead casts a wider net, and makes it harder (but not impossible) to accidentally write an infinite loop.

This pattern verifies the presence of variable assignments in conditional (IF) expressions. It is generally not recommended to use the assignment operator in this case as it is close to the comparison operator (==) and could lead to misreading the code logic.

This pattern verifies the presence in source code of negative comparisons. Depending on the frequency, CAST Highlight will trigger this code insight.

Functions should not be defined with a variable number of arguments. Varargs methods are a convenient way to define methods that require a variable number of arguments, but they should not be overused. They can produce confusing results if used inappropriately.

It could be necessary to check whether a given object has a specific class type or whether two objects have the same class type associated with them, for example, when implementing the equals() method. If the comparison is performed incorrectly, the code could assume that the two objects are of the same class when they are not. As a result, class names must not be compared.

Having an unconditional break, return or throw in a loop renders it useless; the loop will only execute once and the loop structure itself is simply wasted keystrokes. Having an unconditional continue in a loop is itself wasted keystrokes. For these reasons, unconditional jump statements should never be used except for the final return in a function or method.

Integer literals starting with a zero are octal rather than decimal values. While using octal values is fully supported, most developers do not have experience with them. They may not recognize octal values as such, mistaking them instead for decimal values.

The code contains too many thows to system exceptions (java.lang.Error, java.lang.RuntimeException). Application should have their own error exception classes. Throwing generic exception force callers to use generic catches. Prefer to use applicative and more specialized exceptions.

Complex select clauses, i.e select clauses with many column can be difficult to read and does not help the reader who needs to identify the relevant columns to be retrieved. Also a query that retrieves many columns can potentially cause performance problems.

In order to ease change and to hide platform specific information from any potential misuse, it is highly recommended to use SAP ABAP logical paths instead of hard-coded paths.

This Code Insight counts one occurrence each time a “SELECT *” or “SELECT SINGLE *” query is found.

Special rules apply for the implementation of Web Dynpro routines, such as “wd_Do_Init” methods. Some ABAP language statements cannot be used. Other routines cannot be called directly – instead they must be called with the “wd_This” instance. The reason for this is that a direct call makes any extensions made from restructured layers impossible.

SAP standard tables are part of the SAP software and they must not be modified by custom components. These can be affected by the modification of the SAP system tables, in terms of structure, content or business rules. In addition, they can lead to data corruption and unpredictable behavior of SAP packages. The best way is to use standard functions and badis released by SAP.

For reliability and performance purposes, avoid using too many SQL instructions with a missing WHERE clause. Also, using “ORDER BY”, “NOT LIKE” or “IS NULL” is a WHERE clause is not recommended.

For maintainability aspect, avoid ABAP Functions, ABAP Forms, and ABAP Modules that contain no statements.

Missing return code checks after an Open SQL statement can result in unpredictable behavior and untraceable execution errors. This is why it is extremely important to report and handle errors as soon as they occur.

Software AgilityEmbedded Documentation Why you should care Description coming soon... Business Impacts Description coming soon... CostTime / Effort CAST Recommendations Description coming soon... References Coming soon... How we detect Coming soon... About CAST and Highlight’s Code Insights Over the last 25 years, CAST has leveraged unique knowledge on software quality measurement by analyzing thousands of [...]

When a variable without any operators is found within a ‘IF’ condition, in most of cases, it means that the developer wanted to perform some controls on this variable. However, in order to avoid any unexpected behavior during the execution, and depending on the verification type the developer intends to perform (existing/set or empty or true/false or null variable?), it is recommended to use the appropriate method, so that the risk of misinterpretation of the verification is limited.

This code insight sanctions data accesses in operands having a too high level of indirection. The level of indirection is determined by the path you need to go through in order to get your data from an object (e.g. myObject.a.b.c.myData). Too many occurrences of this pattern generally decreases readability of the code, especially when indirection layer names are not meaningful. It may also reveal a lack of Oriented-Object encapsulation.

Having too many variables that are unused somewhere in your software can make the software consume more memory than it should as the resource is allocated for each declared variable, whether it is use or not during the execution. It also doesn’t help developers get clear view on effectively used variables in a program.

{{ vc_btn:title=Software+Agility&style=flat&color=pink&link=url%3Ahttps%253A%252F%252Fdoc.casthighlight.com%252Fsoftware-agility%252F%7C%7C%7C }} {{ vc_btn:title=Code+Readability&style=outline&color=black&link=url%3Ahttps%253A%252F%252Fdoc.casthighlight.com%252Fcategory%252Fproduct%252Findicators-methodology%252Fcode-insights%252Fsoftware-agility%252Fcode-readability%252F%7C%7C%7C }} How we detect CAST Highlight counts the number of functions/methods found per file. Depending on thresholds based on benchmark analysis of reference applications, CAST Highlight will decrement the capital of points for the scanned file where the code insight occurs. Why you should care For maintainability and code readability [...]

Software AgilityCode Readability Why you should care There should be no space between the name of a function and the ( (left parenthesis) of its parameter list, unless case of an anonymous literal function. If a function literal is anonymous, there should be one space between the word function and the ( (left parenthesis). If [...]

Software ResiliencyProgramming Best Practices Why you should care Certain built-in commands in VB/VB.net bring about unnecessary reliability risk to applications. This unexpected application or machine behavior occurs a result of awkward/unreliable methods of handling errors and interacting with memory - that includes using pointers, forcing garbage collection, unstructured exception handling etc. Business Impacts The use [...]

Software ResiliencyProgramming Best Practices Deep functions are a Production Risk in JavaScript This code insight counts one violation each time an artifact (global function or root code) has a too high depth code. Depth is evaluated throught imbrication of following structures : if, do, for, while, case, The depth threshold (max valid depth) is tuned [...]

Software ResiliencyCode Reliability Risky catches increase production risks This code insight counts a violation each time in a single cobol source file : a sorted file (SD) is never sorted : an instruction               SD  <SORT-FILE>. is found in DATA DIVISION, but not corresponding               SORT <SORT-FILE> ....... is found in PROCEDURE DIVISION. a file [...]

Software ResiliencyProgramming Best Practices File Records with no COPY Clause can be risky This code insight count a violation each time a file record has more than one data and is not in a copy clause. Bad: 000130 DATA DIVISION. 000140 FILE SECTION. 000150 FD SALES-FILE 000160       RECORDING MODE IS F. 000170 000180 01 SALES-RECORD. [...]

Software ResiliencyProgramming Best Practices EVALUATE instructions without default treatment causes Production Risk This code insight counts one violation each time the statement WHEN OTHER is missing for an EVALUATE instruction. Why you should care Each EVALUATE structure should have a WHEN OTHER statement to provide a default treatment in case the program has an unexpected [...]

Software AgilityEmbedded Documentation Multiple JSP Comments can increase costs This code insight counts one violation each time too consécutive comment blocs are encountered. JSP comments <%-- are concerned as well as java comment /* or // inside a scriptlet. HTML comments are not considered. If two JSP comments are separated by HTML code (not containing [...]

CostSoftware AgilityEmbedded Documentation Pure JSP Comments can decrease Costs This code insight counts one violation each time a scriptlet contains only java comments. This includes for example the following patterns : <% /** ... */ %> <% /* ... */ %> <% // ... %> Including cases with several comments: <% /* ... */ /* [...]

Production RiskSoftware ResiliencyCode Reliability Long Lines can decrease Readability This code insight counts one violation each time a line of the JSP file exceed 80 characters. All lines of the file are concerned, whatever they contain : html, JSP tags, java code, etc ...     Why you should care Long lines will often extend [...]

Production RiskSoftware ResiliencyProgramming Best Practices Good declaration Order in JSP can reduce costs This code insight counts a violation each time a page do not conform to the following declaration layout: a JSP file consists of the following sections in the order they are listed: - Opening comments - JSP page directive(s) - Optional tag [...]

Production RiskSoftware ResiliencyProgramming Best Practices Standard SQL API increases Production Risk in JSP This code insight counts one violation if there is at least one import directive: <%@ page import = "java.sql.*" %> <%@ page import = "javax.sql.*" %>     Why you should care Standard SQL APIs java.sql.* and javax.sql.* are symptoms of direct [...]

Production RiskSoftware ResiliencyProgramming Best Practices TLD Headers can reduce Production Risks This code insight counts one violation each time a TLD header do not contains: the xml version, the xml encoding the DOCTYPE statement   Why you should care A tag library descriptor (TLD) file must have a header section including the definition of the [...]

CostSoftware AgilityEmbedded Documentation Bad attribute names can increase costs This code insight counts one violation each time the name do not complies with: [a-z_][a-z0-9_]*$ underscore allowed lowercase Why you should care The name of the class attribute does match the naming convention. This error is a stylistic warning. The code will execute. But you can [...]

CostSoftware AgilityEmbedded Documentation Bad method names can increase costs This code insight counts one violation each time the name do not complies with: [a-z_][a-z0-9_]$ underscore allowed lowercase Why you should care The name of the method does match the naming convention. This error is a stylistic warning. The code will execute. But you can improve [...]

CostSoftware AgilityEmbedded Documentation Bad function names can increase costs This code insight counts one violation each time the name do not complies with: [a-z_][a-z0-9_]{2,}$ underscore allowed lowercase Why you should care The name of the function does match the naming convention. This error is a stylistic warning. The code will execute. But you can improve [...]

CostSoftware AgilityEmbedded Documentation Bad class names can increase costs This code insight counts one violation each time the name do not complies with: [A-Z_][a-zA-Z0-9]*$ underscore as prefix only first letter words capitalized Why you should care The name of the class does match the naming convention. This error is a stylistic warning. The code will [...]

CostSoftware AgilityEmbedded Documentation Bad variable names can increase costs This code insight counts one violation each time the name do not complies with: Constants (([A-Z_][A-Z0-9_]*)|(__.*__)) underscore allowed upercase anything delimited with double underscore Note : a constant is an identifier that is assigned at only one time in a function, method or global scope, with [...]

Software AgilityEmbedded Documentation Why you should care Developers tend to shorten the text required for writing code to save time and get it running. However, using short, nondescript function/variable names increases the need for excessive commenting and makes it more difficult for developers to collaborate and understand each other’s code. It also can be a [...]

Production RiskSoftware ResiliencyProgramming Best Practices Break Statements helps reduce Production Risk This code insight counts one violation each time a loop with a else clause do not contains any break or return statement. bad def contains_magic_number(list, magic_number): for i in list: if i == magic_number: print "This list contains the magic number." else: print "This [...]

Production RiskSoftware ResiliencyProgramming Best Practices Magic Numbers are a Production Risk This code insight counts one violation each time a litteral numeric constant is encountered, that is not assigned to a constant. interger : (0|0[xX])?[0123456789ABCDEF]+([lL]? decimal : ([0-9]*\.[0-9]+|[0-9]+\.) real : [0-9]+[eE][+-]?[0-9]+ exception  one digit integer 0.0, .0, 0. 1.0 Note : a constant is a [...]

{{ vc_btn:title=SOFTWARE+ELEGANCE&style=flat&color=juicy-pink&link=url%3Ahttps%253A%252F%252Fdoc.casthighlight.com%252Fcategory%252Fproduct%252Findicators-methodology%252Fsoftware-elegance%7C%7C%7C }} {{ vc_btn:title=CODE+COMPLEXITY&style=flat&color=black&link=url%3Ahttps%253A%252F%252Fdoc.casthighlight.com%252Fcategory%252Fproduct%252Findicators-methodology%252Fhttp%253A%252F%252Fcasthighlight.wpengine.com%252Fcategory%252Fproduct%252Findicators-methodology%252Fsoftware-elegance%252Fcode-complexity%252F%7C%7C%7C }} This code insight counts one occurrence for each local variable in methods and functions found during the scan and shows up in CAST Highlight results when specific thresholds (ratio of local variables vs. total number of functions/methods) are reached for a given file, compared to the average ratio observed [...]

Production RiskSoftware ResiliencyProgramming Best Practices % operator to format string can cause production risk Count one violation each time a string use the % operator. bad print("%s is %s" % ("`$`", "fine")) good print("{0} is {1}, much {1}".format("format", "better")) Why you should care Future python version will promote usage of format(). If possible, prefer using [...]

Production RiskSoftware ResiliencyProgramming Best Practices Whitespaces are a Production Risk Count one violation each time a format replacement field contains a whitespace. bad print "{ what} is {how it is}".format({"what": "life", "how it is": "hard"}) # Output: KeyError; the correct key would be ' what' with a leading whitespace print "{ what} is {how it [...]

Software AgilityCode Readability Why you should care Be consistent with your choice of string quote character within a file. Pick ' or " and stick with it. However, in a JavaScript context, the single quote will be preferred in order to have to escape single quotes in strings. Business Impacts Consistency is key is keeping [...]

Production RiskSoftware ResiliencyProgramming Best Practices String concatenation in loop causes production risks This code insight counts one violation each time an operator + or += is used with a string parameter inside a loop. Note : the rule is restricted to expression with litteral string. Variable string need semantic to be detected. bad employee_table = [...]

CostSoftware AgilityCode Readability Missing spaces can increase costs This code insight counts one violation each time a line of code is ended with trailing whitespaces. → search all non-blank lines terminated with one or more spaces that are not inside a comment Why you should care Avoid trailing whitespace anywhere. Because it's usually invisible, it [...]

CostSoftware AgilityCode Readability Missing spaces can increase costs This code insight counts one violation each time : following operators are not surrounder with at least one space: =, += , -=, == , < , > , != , <> , <= , >= , in , not in , is , is not, and , or , not. following elements are not followed by at least one space : comma, semicolon, colon (except slice operator) Why you should care Always [...]

Software AgilityCode Readability Why you should care Avoid extraneous whitespace in the following situations: Immediately inside parentheses, brackets or braces. Yes: spam(ham[1], {eggs: 2}) No: spam( ham[ 1 ], { eggs: 2 } ) Immediately before a: comma semicolon colon (except when using as slice operator) Yes: if x == 4: print x, y; x, [...]

Production RiskSoftware ResiliencyProgramming Best Practices Java-Style getters and setters can increase production risks This code insight counts one violation each time a class define getter or setter (one of then or both) for a given member. If the implementation of the class contain the following pattern: self.<member> then a violation will be counted if the [...]

CostSoftware AgilityCode Readability Alias agreement for imports can reduce costs This code insight counts one violation each time a one of the following library is not imported with the conventionnal alias. Library -> Alias numpy -> np scipy -> sp pandas -> pd matplotlib -> mpl matplotlib.pyplot -> plt seaborn -> sns datetime -> dt [...]

Production RiskSoftware ResiliencyProgramming Best Practices Wildcard(*) imports can increase production risks. This code insight counts one violation each time a wildcard import is used. Violations pattern is: import * from xxx import * Why you should care In general, import statements should be as specific as possible and you should only import what you need. [...]

CostSoftware AgilityCode Readability Multiple imports on the same line can increase costs This code insight counts one violation if an "import" not preceded by a "from" contains several arguments. bad import os, sys good import os import sys from xxx import a, b Why you should care Imports should usually be on separate lines, e.g.: [...]

Software EleganceCode Complexity Why you should care For developers, it is important to consider that having too many arguments tends make the function excessively complex.  This increases development time as it becomes more difficult for others to use, and understand the offending sections of code. Business Impacts Having too many parameters makes it difficult for [...]

Software ResiliencyCode Resiliency Risky catches increase production risks This code insight counts one violation each time a class whose name is ending with Exception or Error is not derived from another class whose name is ending with Exception or Error, excluding BaseException. bad class MyException(object): def __init__(self, code, message): self.code = code self.message = message [...]

Software ResiliencyProgramming Best Practices How we detect This code insight counts one violation each time : an except instruction is immediately followed by a colon, i.e does not specify any exception class name (case of a bare except). an except instruction is catching the BaseException class an "except Exception:" is in first position or not [...]

CostSoftware AgilityCode Readability Using "is" for anything but singleton can increase costs Count one violation each time one of the operand of is (or is not) is not None, True or False. Why you should care Testing the identity of two objects can be achieved in python with a special operator called  is. Most prominently [...]

CostSoftware AgilityCode Readability 'Not...is' syntax can be unreadable Count one violation each time the not ... is syntax is encountered. bad some_list = None if not some_list is None: do_something() good some_list = None if some_list is not None: do_something() Note: there is no violation if the operators "and", "or", && or || are between [...]

CostSoftware AgilityCode Readability Explicit comparison to singleton can be unreadable This code insight count one violation each time a condition use an explicit comparison to "none", "false" or "true" (using operators == or !=). Bad: if number == None: print("This works, but is not the preferred PEP 8 pattern") if number ! = None : [...]

Software AgilityEmbedded Documentation Why you should care Avoid (in production code) comments that reveals that the code could not be finalized or not mature. Business Impacts It is recommended to avoid these in order to ensure the code is more readable and cost effective. Cost CAST Recommendations References Style Guide How we detect Count one [...]

Software AgilityEmbedded Documentation Why you should care Commented code lines rate is the percentage of lines of codes that are preceded with at least one line of comment. Comments are essential in every programming language for summarizing, communicating and clarifying sections of code - in order to assist others working on an application. Low commented [...]

CostSoftware AgilityEmbedded Documentation Inline comments can increase costs Count one violation each time an instruction statement is followed by a comment on the same line. bad : x = y + z # This is a trailing comment that can become hard to read. good: # A comment before the actual code, is better readable [...]

CostSoftware AgilityEmbedded Documentation Uncommented functions or methods increase costs Count one violation each time a function or method do not have a docstring as first instruction: bad : def area (width, height) : return width * height good: def area (width, height) : """ Returns the area of a rectangle. """ return width * height [...]

CostSoftware AgilityEmbedded Documentation Uncommented Classes increase costs Count one violation each time a class do not have a docstring as first instruction: bad : class CustomException (Exception) : def __init__ (self, msg, code) : self.msg = msg self.code = code good: class CustomException (Exception) : """Raise when some custom event did not occur.""" def __init__ [...]

InnovationSoftware EleganceCode Complexity Nested loops can slow down innovation This code insight detects loops within a loop (for, do, while, foreach, etc.). Depending on thresholds observed in the benchmark of thousands of applications and billions lines of code, Highlight accounts penalty points to the given scanned files. Why you should care For code readability and [...]

InnovationSoftware EleganceCode Complexity Too many nested Loops decreases innovation Count number of loops inside another loop.     Why you should care   Business Impacts Complex code can slow down Innovation Innovation CAST recommendations References About CAST and Highlight’s Code Insights Over the last 25 years, CAST has leveraged unique knowledge on software quality measurement [...]

Software EleganceCode Complexity Why you should care A JavaScript file should not declare an excessive number of functions since a higher number of functionalities declared in a module increase the complexity of this module and slows down the effectiveness of the code. Too many functions can also lead to bigger file sizes which leads to reduced [...]

CostSoftware AgilityCode Readability Too many classes without same name as file name can increase costs This code insight searches all the classes not having the same name as the file. Why you should care Having the naming conventions make the source code more easy to ready and so to maintain.  Try to reduce the number [...]

CostSoftware AgilityCode Readability Too many elseif statements increases costs This code insight searches all the Functions and Methods  having an Elseif statements. Why you should care For the readability reasons else and if should be used instead of ElseIf.  Try to reduce the number of Functions and Methods having elIf statement and review the source [...]

CostSoftware AgilityCode Readability Inconsistencies in @throws tags can increase costs This code insight searches all the function that throws functions without having a @throws tag. Verifies : 1 - that a @throws tag exists for a function that throws exceptions. 2 - the number of @throw tags and the number of throw tokens matches. 3 [...]

CostSoftware AgilityEmbedded Documentation Missing comments can increase costs in PHP This code insight searches all the File not respecting the nameing convention. Functions, interfaces and classes closing bracket should be commented. Search for corresponding comment pattern : // end class // end interface // end method xxx() Why you should care For correctness reasons, the [...]

CostSoftware AgilityCode Readability Increment/Decrement Operators can increase costs This code insight searches all the artifacts having increment/decrement operators. Increment and decrement operators 1) cannot be used in an arithmetic operation. Ex of violation : $id = --$i - $x; 2) must be bracketed when used in string concatenation. Ex of violation : $id = $id.'_'.$i++;    [...]

This code insight searches all the Function and Methods having unused parameters.
Review the source code in order to try to reduce the number of Functions
and Methods having unused parameters.

CostSoftware AgilityCode Readability Ternary operators in Java can make code unreadable This code insight counts one violation each time a ternary operator is encountered. Note : Do not confuse with question mark used as wildcard for unknow generic type. bad String data = (str.contains("A") ? "Str contains 'A'" : "Str doesn't contains 'A'"); good if [...]

Software AgilityCode Readability Avoid too many classes in the same file This code insight counts one occurrence each time a source file is found with multiple class definitions. Developers can spend time looking for a class in a file if multiple classes are there. Converserly, it is straightforward when the file contains only the searched [...]

CostSoftware AgilityCode Readability Too many uses of ternary operators can increase costs Count one violation each time the operator (... ? ... : ...) is used. Grep "?" character except in java when it is involved in a wildcard notation (<?) of generic types. Example : are excluded "List<?>" or "List<? extends T> Why you [...]

CostSoftware AgilityCode Readability Too many class implementations can increase costs Count the number of distinct classes involved in the scope of implemented methods. ex : MyNamespace::MyClasse1::MyMethods () {...} MyClasse2::MyMethods () {...} Why you should care Business Impacts It is recommended to avoid these in order to ensure the code is more readable and cost effective. [...]

CostSoftware AgilityCode Readability Too many class definitions can cause agility issues This code insight counts number of classes definition pattern : class xxx { template <...> class xxx { Why you should care Business Impacts It is recommended to avoid these in order to ensure the code is more readable and cost effective. Cost CAST [...]

Software ResiliencyCode Reliability While Loops are more productive than For Loops This code insight searches all the artifacts having for loops which can be simplified to a while loop. For loops that do not have Init nor Update part : for ( ;cond; ) Remedy - Try to reduce the number of the artifacts having [...]

Production RiskSoftware ResiliencyCode Reliability Constructors with a return value can be unproductive in PHP This code insight counts a violation each time the script has a constructor with a return value " <?php class foo { function foo(){ $error = ''; // is set when something goes wrong // things that can go wrong return [...]

Software ResiliencyCode Reliability Having empty statements can be unproductive in PHP This code insight counts a violation each time an empty statement is detected in PHP <?php statement1 { // comment //Violation } statement2 (conditions) { // comment //Violation } } } Remedy - Modify the source code to reduce the number of artifacts containing [...]

Software ResiliencyCode Reliability Too many functions with default value parameters are unproductive This code insight counts a violation each time parameter has a default value "class CastTest { public function addData( $param0, $param1, $param2, $param3, $param4, $param5, $param5, $param6, $param7, $param8, $param9, $param10) { } }" Why you should care Long parameter lists can indicate [...]

Production RiskSoftware ResiliencyCode Reliability Having an assignment to "this" can be unproductive This code insight counts a violation each time the PHP script has an assignment to "this" "This report lists all the Classes containing assignements to '$this'. It provides the following information: Class full name." Remedy - Modify the source code and do not [...]

Software ResiliencyCode Reliability How we detect This code insight counts a violation each time an "instanceOf" is utilized public final class BadInstanceOf { public static void doSomething(Animal aAnimal){ if (aAnimal instanceof Fish){ Fish fish = (Fish)aAnimal; fish.swim(); } else if (aAnimal instanceof Spider){ Spider spider = (Spider)aAnimal; spider.crawl(); } } // PRIVATE // private static [...]

Software ResiliencyCode Reliability Why you should care Although Switch cases do not require ending breaks after the default statement, It is recommended to end every branch with a return, or break statement, for the following reasons -   Refactorability - Branches ending with break or end can be easily reordered without having their changing their [...]

Software ResiliencyCode Reliability Why you should care Global variables should be encapsulated in a class and doing so can make code more productive. Business Impacts Production Risk CAST Recommendations References https://stackoverflow.com/questions/9765942/space-after-function-name-is-wrongStyle Guide How we detect This code insight counts a violation each time there are too many global variables int m_iGlobal = 0; void m() [...]

Production RiskSoftware ResiliencyCode Reliability Memory leaks in C++ is a huge production risk This code insight counts a violation each time a Call free or delete to free the memory.  List all locations where a memory allocation is created (malloc/calloc/realloc, new, and std::auto_ptr.release()) that is not freed (using free or delete). void f() { int [...]

Production RiskSoftware ResiliencyCode Reliability Inconditional branches are unproductive in C++ This code insight Count one violation each time one of the following keywords is encountered : continue, goto, break. Exception : break at end of "case" statements.   Why you should care Inconditional branches can lead to loss of productivity and necessary optimizations in the [...]

Production RiskSoftware ResiliencyCode Reliability Too many classes with missing destructors can be unproductive This code insight counts a violation each time too many classes with missing destructors are detected.   Why you should care Classes with missing destructors can make the code unproductive. Business Impacts Production Risk CAST recommendations References https://www.tutorialspoint.com/sql/sql-transactions.htm About CAST and Highlight’s [...]

Production RiskSoftware ResiliencyCode Reliability Too many classes with missing constructors can be risky This code insight counts a violation each time C++ has too many classes with missing constructors Why you should care Too many classes with missing constructors can be unproductive. Business Impacts Production Risk CAST recommendations References https://www.tutorialspoint.com/sql/sql-transactions.htm About CAST and Highlight’s Code [...]

Production RiskSoftware ResiliencyCode Reliability Incorrect dynamic class definition can be non-resilient This count insight counts a violation in this non-compliant code example, the function A<int>::f2() is ill-formed because int is not a class and does not have a member named x. Clearly the designer of template A did not intend it to be applied to [...]

Production RiskSoftware ResiliencyCode Reliability Macro definitions cause resiliency issues This code insight counts one violation each time a macro without parameters defines a literal constant. Literal constants are number, character or strings : - numbers, possibly preceded with . or \ - characters enclosed with ' - strings, enclosed with ' or " Exemple of [...]

Production RiskSoftware ResiliencyCode Reliability Classes with missing destructor declarations can be unproductive This code insight highlights a violation when a class has missing destructor declarations class Vehicle { public: Vehicle(); virtual ~Vehicle(); void start(); void stop(); virtual void run(); protected: Engine* theEngine; }; class Car : public Vehicle { public: Car(); ~Car(); // VIOLATION protected: [...]

Software ResiliencyCode Reliability Single quote strings keeps code consistent and productive This code insight counts a violation each time a string is enclosed with double quotes, except if the string contains single quotes within double quotes. bad: "it is a bad string" "it is a \"bad\" string" good: "it ' s a good string" var [...]

Software ResiliencyCode Reliability Array literals are less risky than Array constructors in JavaScript This code insight counts one violation each time "new array(...)" is encountered. bad : Length is 3 : var a1 = new Array(x1, 1.2, "string"); Length is 2 : var a2 = new Array(x1, x2); Length is x1 or error if not [...]

Software ResiliencyCode Reliability Why you should care Since each iteration through the loop results in a property lookup either on the instance or on a prototype, the for-in loop has considerably more overhead per iteration and is therefore slower than the other loops. For the same number of loop iterations, a forin loop can end [...]

Software AgilityCode Reliability Why you should care Relying on implicit insertion can cause subtle, hard to debug problems. Don’t do it.  There are a couple places where missing semicolons are particularly dangerous: MyClass.prototype.myMethod = function() {     return 42; }  // No semicolon here. (function() {     // Some initialization code     // [...]

Software ResiliencyCode Reliability Why you should care Using the simplified, but deprecated/discouraged commands in shell scripts can lead to minor unpredictability and less feature flexibility. It is better practice to stick to the established alternatives to these two commands, for readability, consistency and expansion. Why you should care Using certain syntax in shell, like these [...]

Software ResiliencyCode Reliability Having too much Spaghetti Code can be risky This code insight counts one violation each time the keywords break and continue are encountered. Why you should care Avoid unstructured jumps introduced by instructions that interrupt the control flow. Business Impacts Production Risk CAST recommendations References https://www.tutorialspoint.com/sql/sql-transactions.htm About CAST and Highlight’s Code Insights [...]

Software ResiliencyCode Reliability Why you should care Checking arguments is a critical component of Shell script. The $# variable indicates the number of arguments.  If this variable is improperly implemented, then the arguments are left unchecked which can lead to improper execution and bugs in the code. Business Impacts Leaving arguments unchecked on multiple shell [...]

Production RiskSoftware ResiliencyCode Reliability No explicit EXIT instruction in last statement in KSH can be risky This code insight counts one violation each time the last instruction of the script is not EXIT. Why you should care If no exit is used, the default behaviour is to exit with the return code of the last [...]

Production RiskSoftware ResiliencyCode Reliability Methods as functions tend to be unproductive This code insight counts one violation each time a method : has no @staticmethod decorator and no "self" as first argument has @classmethod decorator and no "cls" as first argument class Rectangle: # should be preceded by @staticmethod here def area(width, height): return width [...]

Software ResiliencyCode Reliability Explicit return in __init__ is Unproductive This code insight counts one violation each time a return statement is encountered in a __init__ method. Why you should care __init__ is a special Python method that is automatically called when memory is allocated for a new object. The sole purpose of __init__ is to initialize the values of instance [...]

Production RiskSoftware ResiliencyCode Reliability Magic Methods in Python can be Risky This code insight counts one violation each time a magic method is called, except if it is in the body of a magic method. bad first_names = ["eve", "lisa", "robert", "paul", "alice"] if first_names.__contains__("robert"): print("list of first names contains robert") good example 1 first_names [...]

Production RiskSoftware ResiliencyCode Reliability Having + for list concatenation This code insight counts one violation each time a "+" operator is involved in list concatenation. Why you should care Extending a list through a reassignment is not recommended since Python offers other solution for that task with significant performance benefits. Business Impacts Production Risk CAST [...]

Production RiskSoftware ResiliencyCode Reliability Long try blocks can cause risk in code This code insight computes the integer part of the average size of all "try" block in number of lines of code. For one "try" block, count the number of line of code between the "try" keyword and the first "except" keyword. Example : [...]

Production RiskSoftware ResiliencyCode Reliability Importing naming collisions can cause risks This code insight Counts one violation each time a name collision  is encountered: pattern 1: from xxx import yyy from zzz import yyy pattern 2: from xxx import yyy as zzz from aaa import bbb as zzz pattern 3: import yyy as zzz import bbb [...]

Production RiskSoftware ResiliencyCode Reliability Global Variables can easily change module behavior This code insight counts one violation each time global variable is declared, unless its name is uppercase. Why you should care Avoid global variables. Variables that are declared at the module level have the potential to change module behavior during the import, because assignments [...]

Production RiskSoftware ResiliencyCode Reliability Empty and Implicit Returns cause resiliency issues. This code insight Counts one violation each time a function has at least one significant return (expression different from nothing, none or false) and in the same time :  at least one empty return OR an implicit return in place of the last statement. [...]

Software ResiliencyCode Reliability Conflicts in Local / Global Variables can be Unproductive This code insight counts one violation each time a global variable is assigned in a function, because the variable has the same name. In python, variables are created after receiving their first allocation, so with the following pattern : <identifiers> = bad <xxx> = [...]

Production RiskSoftware ResiliencyCode Reliability Unused arguments are quite risky for the code. This code insight counts one violation each time a function parameter is not used. Why you should care An argument of a function or method is not used in its body. This error is not critical, but considered bad style. Business Impacts   [...]

Production RiskSoftware ResiliencyCode Reliability Always call ancestor to avoid risks in Python code This code insight counts one violation each time an __init__ method is not calling its ancestor. In a class declared like: class childClass (parentClass): ...def __init__(self): ...... The body of the __init__ function should contain the one of the following statements : [...]

Production RiskSoftware ResiliencyCode Reliability Multiple Significant Returns are risky for the code This code insight counts one violation each time a function has several meaningful return statements. Meaningful return statements are returning an expression different from <nothing>, None and False. Why you should care When a function grows in complexity it is not uncommon to [...]

Production RiskSoftware ResiliencyCode Reliability Unused imports cause risks in code This code insight counts one violation each time a import is nerver used. Why you should care Usually, when this issue is encountered, it means that you began implementing a module but did not finish it. Other times, you might have refactored a module, but [...]

Production RiskSoftware ResiliencyCode Reliability This code insight shows that Unused variables can cause risks in code Counts one violation each time local variable is initialized but never used. bad def area(width, height): a = width * height # todo: implement logging using variable a return width * height good def area(width, height): return width * [...]

CostSoftware AgilityCode Readability Automatic numbering increases costs This code insight counts one violation each a string contains empty format replacement fields. bad print "{} is {}".format("life","hard") good print "{0} is {1}".format("life","hard") Why you should care If you are not numbering your replacement fields {} in your format string, Python auto-numbers them. For example, using "{} [...]

CostSoftware AgilityCode Readability Backslash line continuation makes code less readable This code insight shows that each time a backslash is the last non blank character of a line. Bad my_very_big_string = """"""For a long time I used to go to bed early. Sometimes, \ when I had put out my candle, my eyes would close [...]

CostSoftware AgilityCode Readability len() as upper boundary makes code less readable This code insight shows that Python tries to make the task of slicing lists and numpy.arrays as convenient as possible. If one needs a slice which reaches till the end of the object the upper boundary can be left empty. When negative numbers are [...]

CostSoftware AgilityCode Readability Multiline Conditional Expressions should be avoided This code insight counts one violation each time a multiline conditional expression is encountered. bad x = 1 if cond else 2 good x = 1 if cond else 2 Why you should care Conditional expressions are mechanisms that provide a shorter syntax for if statements. [...]

CostSoftware AgilityCode Readability Improper Indentation can reduce readability This code insight shows that improper indentation can reduce readability Why you should care Per the PEP 8 Style Guide, all Python code should be consistently indented with 4 spaces for each level of indentation, not tabs. Business Impacts It is recommended to avoid bad indentation to [...]

CostSoftware AgilityCode Readability Avoid Main Procedures not having an ON ERROR clause This code insight shows that not managing errors can lead to data corruption and incorrect behavior, even if the error is managed through specific architecture. Why you should care Business Impacts Cost CAST recommendations References http://psoug.org/definition/END.htm About CAST and Highlight’s Code Insights Over [...]

CostSoftware AgilityCode Readability Avoid unused Function parameters (PHP)   This code insight advises that for readability reasons, Functions should not have unused parameters. Review the source code to try to reduce the number of Functions and Methods containing unused parameters. Why you should care Business Impacts Cost CAST recommendations References http://psoug.org/definition/END.htm About CAST and Highlight’s [...]

Software ResiliencyProgramming Best Practices Missing default in switch statements can cause Production Risk This code insight ensures that the keyword "default" is executed when none of the conditions being tested for in the switch statement are met or executed. Having no default keyword, means that there is no backup. The cases that are "impossible" today [...]

Production RiskSoftware ResiliencyProgramming Best Practices Avoid using SELECT ... ENDSELECT statement   This code insight shows that The SELECT ... ENDSELECT works as a loop fetching single record for every loop pause. Basically, it works like a client cursor which will generate too much traffic on the network and communications between the application server and [...]

Production RiskSoftware ResiliencyCode Reliability Avoid using "SELECT DISTINCT", use DELETE-ADJACENT   This code insight ensures for performance reason, if some of the fields are not part of an index, then it is often better to avoid using SELECT DISTINCT. Why you should care Business Impacts Production Risk CAST recommendations References https://technet.microsoft.com/en-us/library/ms187009(v=sql.105).aspx About CAST and Highlight’s [...]

Production RiskSoftware ResiliencyProgramming Best Practices Avoid using dynamic queries   This code insight shows that dynamic queries are difficult to test and can decrease the code understanding. Moreover, include dynamic coding in UI components can generate security issues if the content of the dynamic clauses is not filtered properly. Why you should care Avoid using [...]

Production RiskSoftware ResiliencyCode Reliability Avoid Main Procedures having complex queries This code insight shows that having complex queries in SQL Artifacts can cause performance problems. Why you should care Business Impacts Production Risk CAST recommendations References https://technet.microsoft.com/en-us/library/ms187009(v=sql.105).aspx About CAST and Highlight’s Code Insights Over the last 25 years, CAST has leveraged unique knowledge on software [...]

Production RiskSoftware ResiliencyProgramming Best Practices Avoid classes overriding only equals() or only hashCode() This code insight reports all classes that override only boolean equals(Object) or only int hashCode() . Why you should care Often classes are used in HashMap to provide an efficient storage and retrieval. The Java platform architects anticipated the importance of hash-based [...]

Production RiskSoftware ResiliencyCode Reliability Type() can hamper productivity This code insight detects each time type() is used in code Why you should care The function isinstance is the best-equipped to handle type checking because it supports inheritance (e.g. an instance of a derived class is an instance of a base class, too). Therefore  isinstance should be used [...]

Production RiskSoftware ResiliencyCode Reliability Truncate tables compromise backups This code insight detects the total number of database objects containing code: SP, Functions, and Triggers.  Why you should care Although "truncate table" statement can be desirable under some circumstances from a performance point of view it is problematic because deletion are not logged. Thus the log [...]

InnovationSoftware EleganceCode Complexity The code contains too many includes. This code insight lists all Abap Programs using too many Includes. It provides the following information: Abap Program fullname, number of Includes  Why you should care High number of Includes decreases the visibility in terms of data definitions and processes. Program maintenance will become difficult. Business [...]

Software EleganceCode Complexity Why you should care If the amount of data is large, nested loops are fully avoided due to performance issues. If the program is extracting small amount of data, then focus on SELECT statements than nested loops. The indexed loop and READ statement using binary search are the best methods to avoid [...]

Software ResiliencyCode Reliability Why you should care VB has specific behavior that enable the developer to use variables even if these variables have not been previously declared and typed. However, it is possible to avoid this default behavior using the Option Explicit : in this case, all variables will require a declaration prior use. This [...]

Software EleganceCode Complexity Why you should care Parameters are used to pass data between a stored procedure and the batch or script. It results in executing the stored procedure. Each Parameter has a limit, known as a Parameter limit, which is hard-coded per stored procedure. The Parameter limit, in an SQL server, is 2,100. This [...]

JSPSQLJSP{{ vc_btn:title=Software+Resiliency&style=flat&color=juicy-pink&link=url%3Ahttps%253A%252F%252Fdoc.casthighlight.com%252Fsoftware-resiliency%252F%7C%7C%7C }} {{ vc_btn:title=Code+Reliability&style=flat&color=black&link=url%3Ahttps%253A%252F%252Fdoc.casthighlight.com%252Fcategory%252Fproduct%252Findicators-methodology%252Fcode-insights%252Fsoftware-resiliency%252Fcode-reliability%252F%7C%7C%7C }} Why you should care Every Servlet or JSP exposed to the Internet represents another attack surface and potential failure point. The best solution is to expose only what's necessary under the most restrictive conditions that make sense. It is common to think that internal web applications are deployed where [...]

Avoid classes using incorrect dynamic allocation Software ResiliencyProgramming Best Practices This code insights verifies classes that don't use dynamic allocation correctly, i.e. without constructors by copy or without allocation operator. Depending on the density of occurrences and specific thresholds, Highlight counts penalty points to the scanned file. Why you should care Classes with incorrect dynamic [...]

Avoid classes with missing destructor declarations in header files Software ResiliencyProgramming Best Practices This code insight verifies in C++ applications if classes in header files (.h) haven't declared destructors. Highlight counts one occurrence for each missing class destructor found in a header file. Why you should care In some cases, missing class destructors can lead to memory leaks, [...]

Avoid macros defining constants Software ResiliencyCode Reliability This code insight verifies in C++ applications when macros without parameters define a literal constant. Depending on the density of occurrences and the thresholds set for this code insight, Highlight counts penalty points for the scanned file. Literal constants are numbers, characters or strings (numbers, possibly preceded with . or \, characters [...]

Lack of multiple-inclusion protection in header files   Software ResiliencyProgramming Best Practices This code insight verifies in C++ applications that header files (.h) are protected against multiple inclusion. If a header file is not using the appropriate syntax, Highlight counts an occurrence. Why you should care The basic use of header files is to provide [...]

Too many unconditional branches may end to Spaghetti Code Software ResiliencyProgramming Best Practices This code insight counts the number of unconditional branches (e.g. GOTO, continue, break except if it is at end of a 'case statement'...). Highlight counts penalty points contributing to the Software Resiliency health factor, depending on the density of this pattern you should ideally have in [...]

Using {curly braces} is less error-prone Software ResiliencyProgramming Best Practices This code insight counts the number of missing curly braces in constructs such as functions, loops (while, do, for…) or conditional statements (if, else), except for "else" used within an "else if" statement. Highlight counts penalty points contributing to the Software Resiliency health factor, depending [...]

Software ResiliencyCode Reliability Why you should care The RETURN statement is useful as it terminates a query, stored procedure or batch. When used in a stored procedure, the RETURN statement specifies an integer value to return to the calling application, batch, or procedure. If no value is specified then the stored procedure returns the value [...]

Software ResiliencyProgramming Best Practices Why you should care Some specific code syntaxes, even if they compile and don't make a software crash directly, are not recommended mainly for two reasons: They're often obscure and/or implicit and could definitely lead to misinterpretations by junior developers, which frequently means unexpected bugs when the code is modified When [...]

Native Dynamic SQL is easier to use than DBMS SQL. Software ResiliencyProgramming Best Practices This code insight shows that PL/SQL provides two ways to write dynamic SQL: Native dynamic SQL, a PL/SQL language (that is, native) feature for building and executing dynamic SQL statements DBMS_SQL package, an API for building, executing, and describing dynamic SQL [...]

Software AgilityCode Readability Why you should care The END keyword is useful as it terminates a PL/SQL block. This keyword is found at the end of procedures, functions, packages, triggers, blocks or any type of body where an executable action is performed. In other words, it signifies the end of execution of a block. Business [...]

Software ResiliencyProgramming Best Practices Why you should care The RETURN statement is useful as it terminates a query, stored procedure or batch. When used in a stored procedure, the RETURN statement specifies an integer value to return to the calling application, batch, or procedure. If no value is specified then the stored procedure returns the [...]

Software EleganceCode Complexity Why you should care Developers do not recommend mixing DDL and DML Operations. They are generally avoided because such mxing can cause a Recompile which results in resetting the code differently and causing a mess in the process. It is recommended to place all DDL statements at the top of the stored [...]

Software AgilityCode Readability Why you should care Object Qualification is the process of determining whether a persistent object satisfies a set of specified conditions. It is typically performed as part of a search operation that finds a group of persistent objects based on the values of one or more of their attributes. It is tested [...]

Software EleganceCode Complexity Why you should care Having complex conditional expressions in your software might slow down your development team to quickly evaluate if and how the code will be run within these conditions. In addition, if conditions are misunderstood because there are too complex (especially when additional native functions like “!empty” or “!isset” makes [...]

Software ResiliencyProgramming Best Practices Why you should care Most developers contend that it’s not ideal to have an empty catch block. Empty Catch is the cause of an exception occurring where nothing happens and the program fails. When such an exception occurs, it can be thrown up to the caller, or caught in catch block. [...]

Software ResiliencyProgramming Best Practices Why you should care A tag library defines a collection of custom actions. The tags can be used directly by developers in manually coding a JSP page, or automatically by Java development tools. A tag library must be portable between different JSP container implementations. If the tag library is not utilized, [...]

Software AgilityCode Readability Why you should care Documentation is useful as it helps maintaining and embedding the code well. Undocumented code causes problems in the code by decreasing agility and maintenance reduction. Business Impacts Documenting code is advised as it allows for the code to be better maintained which frees up the code from potential [...]

Software ResiliencyProgramming Best Practices Why you should care Every constant, variable, and parameter has a datatype (or type) which specifies a storage format, constraints, and valid range of values. PL/SQL provides a variety of predefined datatypes which tend to be inefficient in nature. It’s recommended to use efficient practices over inefficient types to ensure the [...]

Software ResiliencyProgramming Best Practices Why you should care This is important since Javascript has comparison operators such as “regular equality” (==) and “is not equal to” (!=) which compares two values (strings, numbers, boolean operands and so forth) for equality. With “regular equality”, two values are set to identical after being converted to a common [...]

Software ResiliencyCode Reliability Why you should care Eval() is a function property of the global object. The argument of the of the eval() function is a string. If the string represents an expression, eval() evaluates the expression. If the argument represents one or more JavaScript statements, eval() evaluates the statements. Do not use eval() to [...]

Software AgilityCode Readability Why you should care Local Variables occurs when a typeset statement is used inside a function definition and the respective variables involved all become ‘local’ to that function (in addition to any properties that may take on as a result of typeset options.) The ability to define variables that are local to [...]

C/C++ (MISRA)PL/SQLC/C++ (MISRA)Software ResiliencyCode Reliability Why you should care The basic numerical types of char, int short, long, float, double, and long double should not be used directly to declare variable. This is because their storage size is machine dependent, and so for portability consideration, specific-lengths typedefs types should be used instead. Example of usefull [...]

Software EleganceCode Complexity Why you should care Artifacts with a SELECT clause tend to be complex in nature as SELECT clauses with many clauses are difficult to read and does not help the reader in identifying the columns that can be retrieved. Also a query that retrieves many columns can potentially cause performance problems as [...]

Software ResiliencyProgramming Best Practices Why you should care Deprecated features are usable but should not be used because they are expected to be removed entirely in the near-future and placing them in the code can cause potential bugs and be less resilient. Business Impacts Deprecated features are considered to be highly risky and unproductive in [...]

Software AgilityCode Readability Why you should care File Naming Convention helps one stay organized by making it easy to identify the file(s) that contain the information from its title and by grouping files that contain similar information close together. It also helps others better understand and navigate through one’s code. Business Impacts File Naming Convention [...]

Software ResiliencyCode Reliability Why you should care Specify precision which is the total number of digits, and scale, which is the number of digits to the right of the decimal point. The range of a Char variable is from 1 to 32767 bytes. When the expression falls outside this range, it is no longer precise [...]

Software ResiliencyProgramming Best Practices Why you should care The first line is useful as it tells the OS what interpreter to invoke in order to run the script. In this case, the interpreter is the KSH interpreter. Without this line, the KSH interpreter cannot used to run this script. Business Impacts The first line in [...]

Software ResiliencyProgramming Best Practices Why you should care It is important to remember that KSH uses variables and parameters to store values.  It also supports data types and arrays.  The four data types KSH supports include string, integer, float and array.  If a data type is not defined then KSH assumes the variable is a string. Usually KSH [...]

Software AgilityCode Readability Why you should care It is recommended to have the list be symmetrical as it allows for the code to be readable and understandable by the user as well allow for increased efficiency and accessibility. It also helps prevent possible bugs and crashes. Business Impacts It is advised to give careful attention [...]

Software AgilityCode Readability Why you should care It is recommended to correctly indent the lines as it allows for the code to be readable and understandable by the user as well allow for increased efficiency and accessibility. It also helps prevent possible bugs and crashes. Business Impacts Ensuring that lines are properly indented allows for [...]

Software AgilityCode Readability Why you should care It is recommended to ensure local variables not short as it allows for the code to be readable and understandable by the user as well as allow for increased efficiency and accessibility. It also helps prevent possible bugs and crashes Business Impacts Managing the length local variables allows [...]

Software AgilityCode Readability Why you should care With line-oriented text, the backslash is used at the end of a line to indicate that the trailing newline character is to be ignored. In other words, with the backslash, the following line belongs on the same line as the line prior. As in they are both on [...]

Software AgilityEmbedded Documentation Why you should care Adding comments to the HTML code generally provides assistance to the developer but provides little practical use to the client as it does not increase user-friendliness since having commentaries on the source page could be a bit unnecessary. Business Impacts It is recommended to avoid Incorporating HTML comments [...]

Software ResiliencyProgramming Best Practices Why you should care Pipes take the output of one command and put it on the input of another command. They can also be strung together. This way, one can find matches in a particular pattern in their name AND have a particular IP address range. However the disadvantage is that [...]

Software ResiliencyProgramming Best Practices Why you should care Having too many pipe commands could result in code inefficiency as well as possible entry of bugs and crashes in the code due to increased stringing and redirections as a result. Business Impacts Using pipes in a program can be a risky decision as it tends to [...]

Software ResiliencyProgramming Best Practices Why you should care The DECODE function belongs to PLSQL and has the functionality of an IF-THEN statement. It’s syntax is as follows DECODE( expression , search , result [, search , result]…[, default] ) expression – The value to compare search – The value is compared against expression result – [...]

Software ResiliencyProgramming Best Practices Why you should care It is recommended to use Javabeans and tags as Java Beans are good general-purpose objects that encapsulate information and states in a portable setting while allowing for its’ properties, events and methods can be controlled as they are exposed to an application builder tool. JSP tags are [...]

Software AgilityEmbedded Documentation Why you should care Short identifiers were in existence as early variable mnemonics were limited to as few as six to eight characters leading to many developers abbreviating concepts in their variable names. However, in the past thiry years since 2009, there has been a steady increase in permitted name length and [...]

Software ResiliencyProgramming Best Practices Why you should care When an exception occurs during programming, it is usually caught in a catch block. Empty catch is when an exception occurs but the program fails because nothing occurs. As a result, they are a common source for obtaining errors in the code, and then executing these errors. [...]

Software ResiliencyProgramming Best Practices Why you should care The GOTO statement branches unconditionally to a statement label or block label. The label must be uniqe within its scope and precede an executable statement. The issues with GoTo however is its repetitive and superflous nature. It also enlongates the conceptual phase between the static prgram and [...]

Software ResiliencyCode Reliability Why you should care Semicolons are utilized in PLSQL to terminate a statement. Without it the statement is not terminated and sends back an error. Business Impacts Semicolons are essential to any code that runs a working program. Without it, the code does not work. Production Risk CAST Recommendations References http://www.toadworld.com/platforms/oracle/w/wiki/1767.plsql-semicolon-delimiter-plf4Style Guide [...]

Software ResiliencyCode Reliability Why you should care Transactions are vital in SQL as one of them is the representation of one or more changes to the database. For instance, anytime a record is created, updated or deleted in the database, a transaction is performed in that database. Therefore, it is recommended to manage transactions as [...]

Software EleganceCode Complexity Why you should care EXIT instruction is designed to exit the entire script hence the purpose of having only one instruction at a time. EXIT instruction has the capability of causing some of the script to be unread if placed incorrectly. As a result, the script will have compilation errors. Business Impacts [...]

Software ResiliencyProgramming Best Practices Why you should care Candidate Key can be any column or a combination of columns that can qualify as a unique key in the database. There can be multiple Candidate keys in one table. Each candidate key can qualify as Primary Key. Primary Key is a column or combination of columns [...]

Software AgilityCode Readability Why you should care Variables and parameters are used by the Korn shell to store values. The Korn shell supports data types and arrays. The Variables are global in scope and begin with an alphabetic or underscore character followed by one or more alphanumeric or underscore characters. Other variables include digits (0 [...]

Software AgilityCode Readability Why you should care Having multiple instructions on one line of code remarkably decreases readability of the code as well as making it tougher to understand, and execute, causing it to be more susceptible to bugs in the long run. Business Impacts It is recommended to have reduce the number of instructions [...]

Software ResiliencyCode Reliability Why you should care When writing a JSP code, coding errors can happen at any part of the code. When an error occurs, the file cannot be found causing an exception. Such exceptions included are Checked exceptions, Runtime exceptions, Errors. JSP provides ways to handle exceptions such as specifying Error Page for [...]

Software ResiliencyCode Reliability Why you should care Conditional Comments are designed exclusively for Internet Explorer (IE), and hence they operate greatly in that specific browser as these comments are suited to give special instructions that are only meant for IE. As a result, conditional comments are considered a hindrance when run in a browser, other [...]

Software ResiliencyCode Reliability Why you should care Background processes occur behind the scenes without user intervention. They can be considered unwanted and slow down the software that is running and is of main priority to the user. Background processes occur as KSH is capable of providing a facility to control and run job in the [...]

Software ResiliencyProgramming Best Practices Why you should care A static or unqualified report is found in the JSP which is analogous to normal import declaration. The report is unqualified after adding a star(*) at the end of the import statement. However the issue with the unqualified report is that they make one’s program unreadable impacting [...]

Software ResiliencyCode Reliability Why you should care The KSH script starts at the first and essentially ends when the code encounters an “exit” or the last line. When exiting a code without parameters, it causes the code to become unreliable and cause errors that tend to become unmanageable. Business Impacts It is recommended to have [...]

Software ResiliencyProgramming Best Practices Why you should care If and else statements are considered to be time consuming in nature as they tend to be repetitive in order to execute the code properly which causes is not ideal for a programmer and can also be considered taxing for the CPU. Business Impacts While if and [...]

Software ResiliencyProgramming Best Practices Why you should care Having multiple lines as one line of code remarkably decreases readability of the code. This makes the source code tougher to understand, and execute, causing it to more error prone and susceptible to bugs in the near-future. Business Impacts Combining multiple lines of code on one line [...]

Software AgilityCode Readability Why you should care Having Complex queries in SQL Artifacts lead to causing performance problems and decrease in code agility. Subqueries are considered to be complicated in nature. Business Impacts Complex queries are not recommended as they reduce code agility thereby increasing costs. Cost CAST Recommendations Subqueries are generally considered fine unless [...]

Software ResiliencyCode Reliability Why you should care $$ is used to making temporary names with the process ID in KSH. It allows for the name to be unique to the process. Business Impacts $$ prevents risks and is helpful in making KSH code more productive by giving it more uniqueness. Production Risk CAST Recommendations References [...]

Software ResiliencyProgramming Best Practices Why you should care The PLSQL CASE has similar functionality of an IF-THEN-ELSE statement. The CASE statement evaluates a single expression and expresses it against several potential values or evaluates Boolean Values while choosing the first one that is TRUE. WHEN clauses are executed in order. WHEN clauses is executed only [...]

Software ResiliencyCode Reliability Why you should care A simple semicolon is used to end the items of structures, signatures and objects as these semicolons are considered mandatory. The double semicolon is also useful as it leaves no ambiguity in the code. It is required as it is used at the end of each clause as [...]

Software AgilityCode Readability Why you should care A package is a schema object that groups logically related PL/SQL types, variables, and subprograms. They usually have a specification (spec) and a body. The spec is the package’s interface which declares the types, variables, constants, exceptions, cursors, and subprograms which are referenced from outside the package. Although [...]

Software ResiliencyCode Reliability Why you should care Using a CompareTo Empty string is considered unreliable as it tests reference equality and not object equality. Generally when programming, one cannot entirely rely on reference equality as it tends to be inaccurate and unreliable which is not ideal for the code. Business Impacts It is recommended to [...]

Software ResiliencyCode Reliability Why you should care Including JavaScript files in HTML is not ideal as some browsers cannot read an external Javascript file and usually renders it completely blank. It usually requires importing a Jquery. Having Javascript files be unreadable in HTML can cause reliability issues. Business Impacts It is recommended to avoid JavaScript [...]

Software AgilityCode Readability Why you should care Mixing JSP standard syntax and JSP XML syntax is considered somewhat common as much of the standard JSP syntax is already XML-compliant including all the standard actions. However there are certain elements that are not compliant with an XML syntax. Such elements include Comments where Standard Syntax comments [...]

Software AgilityCode Readability Why you should care Group use declarations are used to cut verbiosity when importing multiple entities from a common nameplace. These declarations help make it easier to identify multiple imported entities belong to the same module. It helps improve readability, allow for the code to be less complicated and less error prone [...]

Software ResiliencyCode Reliability Why you should care setProperty() method interface sets a new value for a property on a CSS declaration object. Without commenting on the setProperty() method, it is left ambigous which is not ideal for good programming practice causing reliability issues which can result in an error prone software. Business Impacts It is [...]

Software ResiliencyCode Reliability Why you should care An Alias is an alternative name or reference that can be defined in a T-SQL statement for use within that statement. They are not stored by the SQL server permanently. Usually they are one or two characters long and are not required in any part of the statement. [...]

Software ResiliencyProgramming Best Practices Why you should care CDATA stands for character Data and is an XML construct. It lies in between these strings which include data that could mistakenly be interpreted as XML markup. It has no meaning in HTML as it is ignored by the parser. However, it is not ignored by Javascript [...]

Software ResiliencyCode Reliability Why you should care In PLSQL, an exception is a warning or a type of error condition. They can internally defined (by the run-time system) or user defined. An illegal exception occurs when a standard exception is declared by the user because such expressions are declared by PLSQL. Having illegal expressions in [...]

Software ResiliencyProgramming Best Practices Why you should care JSP fragments are a portion of a JSP code passed to a tag handler so it can be invoked as many times as required. They can be considered as a template that is used by a tag handler to produce customized content. A fragment attribute is evaluated [...]

Software ResiliencyProgramming Best Practices Why you should care Exception handling is the process in JSP to handle runtime errors. Any number of exceptions can arise when JSP page is executed. Without defining or declaring the errors, the error is not undeclared and is left unverified causing it have security risks and flawed resiliency which is [...]

Using {curly braces} is less error-prone Software ResiliencyProgramming Best Practices This code insight counts the number of missing curly braces in constructs such as functions, loops (while, do, for…) or conditional statements (if, else), except for "else" used within an "else if" statement. Highlight counts penalty points contributing to the Software Resiliency health factor, depending [...]

Switch statements should have a default case specified Software ResiliencyProgramming Best Practices This code insight verifies the ratio between the number of switch statements with missing default cases specified and the total number of switch statements found in the source code. Depending on this ratio and thresholds CAST has defined, Highlight counts penalty points for [...]

Database columns, functions, triggers and procedures should be commented Software AgilityEmbedded Documentation This code insight counts the number of function parameters, triggers, procedures and database columns (on CREATE TABLE) that are not commented. Based on specific thresholds CAST has defined, Highlight counts penalty points to the scanned file. Why you should care Making sure your [...]

Avoid exposing too many public class fields Software ResiliencyProgramming Best Practices This code insight counts the number of cases when an attribute is directly exposed outside a class (more explicitly when the keyword "public" is associated with a data field of the class). Based on the density and on specific thresholds CAST has defined, Highlight [...]

Avoid using functions before their declaration Software AgilityCode Readability This code insight counts the number of cases when functions are called prior to their definition in the source code. Based on the density of this bad practice and on specific thresholds CAST has defined, Highlight counts penalty points for the scanned file. Pattern example (here, [...]

Software ResiliencyProgramming Best Practices Why you should care As explained by W3C: “Accessing the DOM in browsers is an expensive thing to do. The DOM is a very complex API and rendering in browsers can take up a lot of time. You can see this when running complex web applications when your computer is already [...]

Code should be stripped out of suspicious comments (e.g. todo, tbd, tbc, etc.) Software AgilityEmbedded Documentation This code insight counts the number of occurences where suspicious keywords are found in comments. Based on the number of cases and associated with specific thresholds CAST has defined, Highlight counts penalty points to the scanned file. Keywords that [...]

Semicolons seem to be missing too frequently Software ResiliencyCode Reliability This code insight verifies that semicolons are not missing too frequently. Depending on the calculated density and based on thresholds CAST has defined by analyzing hundreds of Javascript projects, Highlight counts penalty points to the scanned file. Why you should care Although Javascript provides more [...]

Structural code complexity may be too high Software EleganceCode Complexity This code insight - derived from Tom McCabe's Cyclomatic Complexity - estimates the level of strutural complexity of a piece of source code by counting and summing the total number of logical conditions (if, while, for, case, default), functions and methods. Depending on specific thresholds [...]

The code contains too many lines containing several instructions Software AgilityCode Readability This code insights verifies that the source code doesn't contain multiple instructions in a single line. Depending on the density of cases of multiple instructions per line of code, and based on specific threshods, Highlight counts penalty points for the scanned file. The [...]

Software AgilityEmbedded Documentation Why you should care Ensuring your application source code is well-documented is a no brainer and an undisputed good programming practice. And since applications are now more and more exposed to a technical audience through APIs, the level and quality of the technical documentation is a key differentiator that could make your [...]

A line of code shouldn't be too long (to help readability) Software AgilityCode Readability This code insight counts the number of characters for each line of code and verifies that an application doesn't globally contain too many long lines. Depending on thresholds defined by CAST based on its expertise and experience in measuring software, Highlight [...]

Code indentation, line, and character encoding formats should be consistent Software AgilityCode Readability This code insights detects when different code formatting styles are heterogeneous (CRLF, CR or LF for new line formatting, full spaces, tab spaces ... for identations, UTF8, Windows-1252 … for character encoding). Depending on the number of different styles used within a [...]

Software AgilityCode Readability Why you should care You may think naming conventions are purely cosmetic, and you’re not completely wrong. However, this is a signature of a mature development team who writes good software. If theses simple rules are not applied, what about the rest? Like in English where a sentence starts with a capital [...]

Software ResiliencyProgramming Best Practices Why you should care A magic number is a direct usage of a number in the code (e.g. “if($foo > 65)”) which refers to a specific value that can’t be easily understood by just reading it. Using too many magic numbers can lead to these types of issues: – Confusing: the [...]

Too many controversial, unsafe or deprecated keywords in procedure divisions Software ResiliencyCode Reliability This code insights looks in COBOL procedure divisions for a list of possible deprecated or controversial keywords and verifies if their usage frequency is abnormaly high. Possible deprecated or controversial keywords Highlight looks at: SELECT, ACCEPT (if not followed by FROM DAY, [...]

Ensure that your main SQL-related code artifacts are documented Software AgilityEmbedded Documentation This code insight counts the number of SQL-related code artifacts (functions, procedures, triggers and view declarations) that are not preceded with a block of comments, and compares that number to the total number of artifacts. Depending on this ratio and based on thresholds [...]

Operators and operands should use appropriate spacing to help readability Software AgilityCode Readability This code insights verifies that operators and operands are generally surrounded with spaces for better readability. Depending on thresholds CAST has defined, Highlight counts penalty points for the scanned file if missing spaces are too frequent. Why you should care Itishardertoquicklyunderstandwordsthatarenotseparatedwithspaces, don't [...]

Software EleganceCode Complexity Why you should care Managing software complexity is an art of balancing the different natures of complexity that code can exhibit. Ensuring that logical operators are not too frequently complex within logical conditions is one way to help developers spend more time adding new features instead of trying to figure out how [...]

Software ResiliencyCode Reliability Why you should care In some contexts, using the keyword "this" could impact software reliability and lead to unexpected behaviors. More specifically, in a constructor, this is a reference on a new object just created by the new keyword when invoking a constructor. But, if the constructor is not invoked with new [...]

Wildcard imports should not be used too frequently Software AgilityCode Readability This code insight detects and counts the number of import statements with a wildcard (e.g. "import java.awt.*") and compares with the number of total import occurences found in the code. Why you should care Like in database queries, importing software libraries or packages using [...]

Exceptions shouldn't be caught with system exception classes Software ResiliencyProgramming Best Practices This code insight detects and counts the usage of generic exception catches like catch(…), Exception, Throwable, SystemException, RuntimeException, Error. Based on frequency thresholds CAST has determined by analyzing source code over the last 25 years, Highlight determines whether the usage ratio of these [...]

Software ResiliencyCode Reliability Why you should care Software development is an exact science and software doesn’t really like having doubts. Some programming languages have different ways to evaluate and compare manipulated information.  In the case of this code insight, a syntax confusion due to an implicit interpretation (e.g. using “==” instead of “===” in Javascript) [...]

Using {curly braces} is less error-prone Software ResiliencyProgramming Best Practices This code insight counts the number of missing curly braces in constructs such as functions, loops (while, do, for…) or conditional statements (if, else), except for "else" used within an "else if" statement. Highlight counts penalty points contributing to the Software Resiliency health factor, depending [...]

Too much commented out code can be counter-productive Software AgilityEmbedded Documentation This code insight counts the number of comment lines that starts with keywords such as if, else, while, foreach, switch, etc. and ends with ";", "{" or "}". Depending on the density of commented out lines compared to total lines of code, Highlight counts [...]

The code vocabulary frequency may be too low {{ vc_btn:title=SOFTWARE+ELEGANCE&style=flat&color=juicy-pink }} {{ vc_btn:title=CODE+COMPLEXITY&style=outline&color=juicy-pink }} This code insight - a derived metric from Halstead complexity measures - evaluates if a source file has a correct level of keyword variety (i.e. the ratio between the total number of operators/operand and the number of distinct operators/operands). If this [...]

Software EleganceCode Complexity Why you should care Having too large source files could be compared to looking for a needle in a haystack. If developers have to massively scroll down to go to the portion of code they want to fix or to add a new functionality, it costs time and energy. Although there's no [...]

Software AgilityCode Readability Why you should care A piece of source code in your software could be compared to a page of a book.  In a book, a human can’t easily read and understand a very long line – it’s all about eye comfort. That’s even more true when reading code, since each keyword could [...]

Ensure the code contains enough block of comments Software AgilityEmbedded Documentation This code insight verifies the ratio between the number of comment blocks and total lines of code instructions (comment, blank and docstring excluded). Depending on the calculated ratio and the technology (by design, some programming languages - keywords, operators, etc. - require less comments [...]

Short code identifiers are harder to understand Software AgilityEmbedded Documentation This code insight counts the number of code identifiers (such as class, function, method, attribute names, etc.) whose length is lower than a predefined number of characters for each technology. Depending on the density of these short identifiers vs. all identifiers, Highlight counts penalty points [...]