Avoid using risky patterns too frequently

5 September 2017
Posted by Michael MULLER
Code Insights, Programming Best Practices, Risk, Software Resiliency
Software ResiliencyProgramming Best Practices

Why you should care

Some specific code syntaxes, even if they compile and don’t make a software crash directly, are not recommended mainly for two reasons:

    • They’re often obscure and/or implicit and could definitely lead to misinterpretations by junior developers, which frequently means unexpected bugs when the code is modified
    • When located around these blurry syntaxes (coding gurus will qualify them as “art”), real bugs are much harder to catch, especially because the syntax doesn’t bestially describe what it does and needs advanced interpretations

    To illustrate the confusion these risky patterns could generate, take a look at this real-life example below found on GitHub (line #421 and #424):

    left_child = new_left_child;
    left_weight = left_weight;
    right_child = new_right_child;
    right_weight = right_weight;

    And most importantly, look at the issue and doubts this variable self-assignment has raised within the development team:

    Business Impacts

    Using risky syntax can lead to increased bugs in an application, since it makes troubleshooting and expansion of existing code needlessly complicated. This, in turn, will increase the time and effort that developers have to spend maintaining and updating a given codebase.

    Cost
    7633
    5362

    CAST Recommendations

    When possible, software should use the most simple and explicit code syntax to perform actions. While some development gurus say they can do more with less code, it generally means spending more time for small bugs.

    References

    https://stackoverflow.com/questions/11008030/a-for-loop-without-any

    Style Guide

    How we detect

    This code insight verifies that the source code doesn’t contain technology-specific patterns that tend to generate unexpected bugs. Below are listed some examples for the technologies Highlight supports. Based on specific thresholds CAST has defined over time, Highlight counts penalty points for the scanned file.

    C/C++ and Objective-C

    while(…);
    for(…);
    if(…);
    a = a;
    a == b;
    * expr ; with expr containing no function call nor assignment operator.

    VB/VB.Net

    <end of line>
    <begin of line> :
    ::
    =     …….. = (no colon or coma between the peer of equals)

    C#

    while(…);
    for(…);
    foreach(…);
    if(…);
    a = a ;
    a == b ;

    Java and JSP

    while(…);
    for(…);
    if(…);
    a = a ;
    a == b ;

    5362

    About CAST and Highlight’s Code Insights

    Over the last 25 years, CAST has leveraged unique knowledge on software quality measurement by analyzing thousands of applications and billions of lines of code. Based on this experience and community standards on programming best practices, Highlight implements hundreds of code insights across 15+ technologies to calculate health factors of a software.

    See featuresHow it works
    Copyright © 2021 CAST All Rights Reserved