String concatenation in loop causes production risks

Production RiskSoftware ResiliencyProgramming Best Practices

String concatenation in loop causes production risks

This code insight counts one violation each time an operator + or += is used with a string parameter inside a loop.

Note : the rule is restricted to expression with litteral string. Variable string need semantic to be detected.


employee_table = '<table>'
    for last_name, first_name in employee_list:
        employee_table += '<tr><td>%s, %s</td></tr>' % (last_name, first_name)
        employee_table += '</table>'


items = ['<table>']
    for last_name, first_name in employee_list:
        items.append('<tr><td>%s, %s</td></tr>' % (last_name, first_name))
    employee_table = ''.join(items)



Why you should care

Avoid using the + and += operators to accumulate a string within a loop. Since strings are immutable, this creates unnecessary temporary objects and results in quadratic rather than linear running time. Instead, add each substring to a list and ”.join the list after the loop terminates (or, write each substring to a io.BytesIO buffer).

Business Impacts

Production Risk

CAST recommendations



About CAST and Highlight’s Code Insights

Over the last 25 years, CAST has leveraged unique knowledge on software quality measurement by analyzing thousands of applications and billions of lines of code. Based on this experience and community standards on programming best practices, Highlight implements hundreds of code insights across 15+ technologies to calculate health factors of a software.

See featuresHow it works