Indicators & Methodology

Understand what CAST Highlight’s indicators and code insights mean and how to interpret them…

Highlight KPIs

Open Source Safety

Open Source Safety indicates the use of 3rd-party components that comply with security, license and age requirements.

Cloud Maturity

Definition Cloud Maturity Index measures the software & organizational characteristics that make applications more or less optimized for the cloud (or “cloud native”). This index from 0 (low maturity) to 100 (high maturity) is an average of the two main scores for measuring Cloud Maturity: Cloud Scan: This score from 0 to 100 is calculated [...]

Software Health

Definition Software Health indicates how your application complies with programming best practices that increase resiliency, improve agility and reduce complexity. Software Health score is the straight average of Software Resiliency, Software Agility and Software Elegance scores. Thresholds Thresholds used for Software Health categories: Low/Red: below 53.0 Medium/Orange: from 53.0 to 75.0 High/Green: above 75.0

Software Elegance

Definition Software Elegance measures the ability to deliver software value with less code complexity. A low Software Elegance score indicates decreased quality in the code resulting in higher defects which may become costly to fix in the mid-term.   Thresholds Thresholds used for Software Elegance categories: Low/Red: below 39.0 Medium/Orange: from 39.0 to 70.0 High/Green: above 70.0   Code Insights [...]

Software Resiliency

Definition Software Resiliency indicates programming best practices that make software bullet-proof, more robust and secure. This index is derived from technology-specific code analysis which searches for the presence of code patterns and bad programming practices which may compromise the reliability of the software in the short term. Higher the Software Resiliency, lower is the likelihood [...]

Software Agility

Definition Software Agility indicates the easiness of a development team to understand and maintain an application. This index is derived from technology-specific code analysis which searches for the presence of embedded documentation and code readability good practices.   Thresholds Thresholds used for Software Agility categories: Low/Red: below 54.0 Medium/Orange: from 54.0 to 69.0 High/Green: above 69.0   Code Insights [...]

Feature Focus: Green Impact score calculation

CAST Highlight introduced a new indicator for estimating the green impact of a software application. This article explains how the Green Impact score is calculated in CAST Highlight.

ROAR Index

The ROAR (Ranking of Application Risks) index is a composite metric that takes into account the three main Highlight software health factors (Software Resiliency, Software Agility and Software Elegance) with a weighted average formula, balanced with the Business Impact of the application. And that’s probably the most important part of the formula here, since it mixes both technical […]

Business Impact

Definition The Business Impact Index measures the criticality of an application for your business. The index is derived from specific online survey questions concerning application impact on the business. These questions capture key data points such as: number of major releases; volume of end users; and impact of application failure on revenue loss. CAST Highlight […]

Feature Focus: Enhanced Technical Debt Estimates

Technical Debt is useful measure to analyze the health of an application portfolio and start prioritizing and quantifying remediation effort. We recently revisited and enhanced the Technical Debt calculation in CAST Highlight to increase estimate accuracy, to make it more flexible, and to deliver more actionable insights. Read this article to learn more about these enhancements, the impact on current results and the features it enables. This change will take effect on December 12, 2020.

Software Maintenance Estimates

Definition Based on COCOMO II (Constructive Cost Model - Post Architecture), the Software Maintenance Effort calculated by Highlight estimates the ideal level of effort in order to maintain an application in good operational conditions, expressed in FTE (Full-Time Equivalent). This indicator is derived both from the Software Maintenance survey and the software quality analysis which are [...]

List of Cloud Service Recommendations

Using Software Intelligence, CAST Highlight combines detected code patterns, technologies and OSS components and contextual characteristics of an application to help cloud architects identify the best cloud services to adopt for their custom apps from Cloud vendors. Below is the list of Cloud services from Cloud Service Providers that CAST Highlight supports for recommendations.

Backfired Function Points

Definition Back-Fired Function Points (BFP) estimate the number of function points of an application. This code-derived metric is based on the lines of code, weighted by an abacus for a given technology. The abacus is taken from QSM (Quantitative Software Management).   Example An application is composed of 3 different technologies: Java (100K lines of code) PL/SQL […]

Highlight Code Insights

Over the last 25 years, CAST has leveraged unique knowledge on software quality measurement by analyzing thousands of applications and billions of lines of code. Based on this experience and community standards on programming best practices, Highlight implements hundreds of code insights across 20+ technologies to calculate health factors of a software. Here is a sample.
Software ResiliencySoftware AgilitySoftware Elegance
  • All
  • Acceleration
  • Code Complexity
  • Code Insights
  • Code Readability
  • Code Reliability
  • Cost
  • Embedded Documentation
  • Innovation
  • Miscellaneous
  • Programming Best Practices
  • Risk
  • Software Agility
  • Software Elegance
  • Software Resiliency

Use of ‘return’ statement is not recommended

{{ vc_btn:title=SOFTWARE+RESILIENCY&style=flat&color=black&i_icon_fontawesome=fa+fa-shield&add_icon=true&link=url%3Ahttp%253A%252F%252Fdoc.casthighlight.com%252Fsoftware-resiliency%252F%7C%7C%7C }} {{ vc_btn:title=BEST+PRACTICES&style=outline&color=black&i_icon_fontawesome=fa+fa-code&add_icon=true&link=url%3Ahttp%253A%252F%252Fdoc.casthighlight.com%252Fcategory%252Fproduct%252Findicators-methodology%252Fcode-insights%252Fsoftware-resiliency%252Fbest-practices%252F%7C%7C%7C }} Why you should care Specifically in Scala, use of return statement could interfer with the expected result. It's recommended to use an implicit return which is a native feature in scala language. How we detect This Code Insight counts one occurrence each time 'return' statement is encountered:   Noncompliant [...]

Do not compare to null

{{ vc_btn:title=SOFTWARE+RESILIENCY&style=flat&color=black&i_icon_fontawesome=fa+fa-shield&add_icon=true&link=url%3Ahttp%253A%252F%252Fdoc.casthighlight.com%252Fsoftware-resiliency%252F%7C%7C%7C }} {{ vc_btn:title=BEST+PRACTICES&style=outline&color=black&i_icon_fontawesome=fa+fa-code&add_icon=true&link=url%3Ahttp%253A%252F%252Fdoc.casthighlight.com%252Fcategory%252Fproduct%252Findicators-methodology%252Fcode-insights%252Fsoftware-resiliency%252Fbest-practices%252F%7C%7C%7C }} Why you should care Whenever null seems like a good idea, use Option instead. As far as types are concerned, null is a bit of a lie: val s: String = null The compiler believes s to be a String and will accept it wherever one is required. The compiler is, obviously, wrong: s.toLowerCase // [...]

Avoid long ‘if/else if’ chains that could be replaced by a ‘switch’ statement

For code readability purpose, prefer using switch if there are three or more options in a if.

phpinfo() should not be used in production

For security purpose, developers should not leave phpinfo() in production code, as it displays information which can be used to compromise the server that your site is running on.

Avoid useless overriding method

Overring methods is a very powerfull way of factoring the code and produce complete fonctionnalities. However useless overriding methods can be a problem for the simplicity of the source code.

The code contains too many uppercase control structure keywords

THE CODE CONTAINS TOO MANY UPPERCASE CONTROL STRUCTURE KEYWORDS

The code contains too many PHP4 deprecated constructor naming.

Developers should avoid using deprecated constructors. Since PHP5, constructor should be named __construct.

The code contains too many functions, interfaces or classes with closing not commented

For better code maintainability, functions, interfaces and classes should end with a comment.

The code contains too many functions throwing exceptions that have inconsistencies in “@throws” tags

Every function that throws exceptions must have a throw tag.

The code contains too many functions not complying with naming conventions

Complying with naming conventions make the source code easier to ready and so to maintain. Function names should start with an upper case and should not contain underscores OR should start with a lower case (but can contain underscores).

The code contains too many final artifacts in final classes

Unnecessary final modifiers inside final classes should be avoided. Final modifier prevents child classes from overriding a method by prefixing the definition with final. If the class itself is being defined final then it cannot be extended and the modifier is useless.

The code contains too many classes that declare __get() without declaring __set()

When __get() are declared, __set() shoud be declared as well.

The code contains too many class names that do not begin with an uppercase letter

Complying with naming conventions make the source code easier to ready and so to maintain. Class names should start with an upper case.

Force casts should not be used

Because force casting (as!) does not perform any type safety validations, it is capable of performing dangerous conversions between unrelated types. When the types are truly unrelated, the cast will cause a system crash.

Prefer to use an expression body for functions whose body consists of a single expression

Prefer using an expression body for functions with the body consisting of a single expression.

Avoid abstract classes without abstract or concrete methods

Abstract classes can have public constructors, and this is required in some particular cases. But a public constructor means that the class can be instantiated directly while, by design, abstract classes are aimed to not be instantiable.

Use short variable declarations (:=) for variables with default values

Short variable declarations (:=) should be used if a variable is being set to some value explicitly.

Avoid naming unused receivers

If the receiver of a method is unused, do not give it a name. It’s more readable because it’s clear that the receiver is not used in method.

Avoid instantiation with new

Use &T{} instead of new(T) when initializing struct references so that it is consistent with the struct initialization.

Avoid ‘switch’ with too many ‘case’ statements

When switch statements have large sets of case clauses, it is usually an attempt to map two sets of data. A real map structure would be more readable and maintainable, and should be used instead.

Variables should not be shadowed

Overriding a variable declared in an outer scope can strongly impact the readability, and therefore the maintainability, of a piece of code. Further, it could lead maintainers to introduce bugs because they think they’re using one variable but are really using another.

Variables should be declared with ‘let’ or ‘const’

The distinction between the variable types created by var and by let is significant, and a switch to let will help alleviate many of the variable scope issues which have caused confusion in the past.
This code insight will trigger when var is used instead of const or let.

Multiline string literals should not be used

Continuing a string across a linebreak is supported in most script engines, but it is not a part of ECMAScript. Additionally, the whitespace at the beginning of each line can’t be safely stripped at compile time, and any whitespace after the slash will result in tricky errors.

Logical OR should not be used in switch cases

The logical OR operator (||) will not work in a switch case as one might think, only the first argument will be considered at execution time.

In switch ‘default’ clauses should be last

Switch can contain a default clause for various reasons: to handle unexpected values, to show that all the cases were properly considered.
For code readability purpose, to help a developer to quickly find the default behavior of a switch statement, it is recommended to put the default clause at the end of the switch statement. This rule raises an issue if the default clause is not the last one of the switch’s cases.

Avoid caching selector for long time

Since object members may contain other members, it’s not uncommon to see patterns such as window.location.href in JavaScript code. These nested members cause the JavaScript engine to go through the object member resolution process each time a dot is encountered.
Reducing the dotation usage can win 50% of the time consumed by this function.

URIs (URL & path) should not be hardcoded for testability purpose

Hard coding a URI makes it difficult to test a program: path literals are not always portable across operating systems, a given absolute path may not exist on a specific test environment, a specified Internet URL may not be available when executing the tests, production environment filesystems usually differ from the development environment, …etc. For all those reasons, a URI should never be hard coded. Instead, it should be replaced by customizable parameter.
Further even if the elements of a URI are obtained dynamically, portability can still be limited if the path-delimiters are hard-coded.

This code insight triggers only when URL or path delimiters are hard coded. URL security aspect is checked through CloudReady patterns.

try! should not be used

The use of Swift 2.0’s try! lets you execute code that might throw an exception without using the do and catch syntax normally required for such code. By using it, you’re guaranteeing that the executed code will never fail. But there might be some exceptions… And when it does fail, the program will exit abruptly, probably without cleaning up after itself.

A field should not duplicate the name of its containing class

It can be confusing to have a class member with the same name (case differences aside) as its enclosing class, especialy when considering the common practice of naming a class instance for the class itself.
Best practice dictates that any field or member with the same name as the enclosing class be renamed to be more descriptive of the particular aspect of the class it represents or holds.

Use == instead of ?: when dealing with nullable boolean

USE == INSTEAD OF ?: WHEN DEALING WITH NULLABLE BOOLEAN

The code contain too many unused private methods

Private methods that are never executed are dead code: unnecessary, inoperative code that should be removed. Cleaning out dead code decreases the size of the maintained codebase, making it easier to understand the program and preventing bugs from being introduced.

Prefer using expression Form for ‘if’ or ‘when’ in place of statement syntax

In Kotlin, “if” and “when” returns a value, and so can be used as expression. When possible, prefer using the expression form.

Do not use a labeled return for the last statement in a lambda

The return keyword is relative to the nearest enclosing function (or anonymous function). So for returning from lambda, a labeled return is needed. But as recommended by official Kotlin coding convention, do not use a labeled return for the last statement in a lambda. Prefer lambda mechanism based on implicit return of the last expression used. If you need explicit return, then for a lambda you would have to use a heavy labeled return syntax. So in this case, prefer converting the lambda into anonymous function that use a simple return syntax.

Boolean checks should not be inverted

is needlessly complex to invert the result of a boolean comparison. The opposite comparison should be made instead. This is furthermore the case in compound conditions.

Avoid using multiple labeled returns in lambda expression

The return keyword is relative to the nearest enclosing function (or anonymous function). So for returning from lambda, a labeled return is needed. But as recommended by official Kotlin coding convention, avoid using multiple labeled returns in a lambda. Consider restructuring the lambda so that it will have a single exit point. If that’s not possible or not clear enough, consider converting the lambda into an anonymous function.

Avoid generic catch

You should not ignore exceptions. It can be tempting to be lazy when catching exceptions and do something like this: (see example below).

Use Elvis operator to avoid unclear syntax pattern

Elvis operator ?: is an syntactic sugar for if (!x) { x=something }. Prefer Elvis notation for readability considerations.

Avoid undefined type on data or routines declaration

Groovy support dynamic types, that is declarations where the type is def or unspecified.

Avoid to update static fields from instance methods

Correctly updating a static field from a non-static method is tricky to get right and could easily lead to bugs if there are multiple class instances and/or multiple threads in play. Ideally, static fields are only updated from synchronized static methods.

Avoid to update parameters inside routine’s bodies

Reassigning parameter of function to a new value within the body of the method/closure, is a confusing and questionable practice. Use a temporary variable instead.

Avoid to cover two dimensional ranges with nested for loop

Nested for loops are not a good practice because for loops are using an increment to cover a range, and nested for loops are meant to cover a two dimensional range, leading to a O(n2) algorithm. Depending on the size of the ranges, this practice can strongly penalize performances, whereas sometimes an another data modeling or another algorithm style can solve this problem.

Avoid Public finalize() methods

A program should never call finalize explicitly, except to call super.finalize() inside an implementation of finalize(). In mobile code situations, the otherwise error prone practice of manual garbage collection can become a security threat if an attacker can maliciously invoke one of your finalize() methods because it is declared with public access. If you are using finalize() as it was designed, there is no reason to declare finalize() with anything other than protected access.

Avoid confusing initialization for variables declared on the same line

Destructuring assignment are a practical sugar syntax, but due to dynamic typing, ommitting the parentheses lead to a syntactically correct, but however functionnally incorrect, implementation.

Avoid unexpected closure inside parentheses call

If a method is called and the last parameter is an inline closure then it can be declared outside of the method call parentheses, to comply with Groovy style programming.

The code is managing too many files together

The number of files declared in the FILE-CONTROL should not be excessive.

The code contains too many unnecessary COMPUTE

COMPUTE verb should be restricted to usage in combination with the ROUNDED clause or a function call or for complex computing expression.

The code contains too many paragraph labels not followed by a dot

As much as possible, developers should always terminate paragraph labels with a dot.

The code contains too many not aligned END instructions

For code readability purpose, developers should always align end keywords with the corresponding instruction. The END-xxx keywords should be aligned on the same column the instruction they are related to.

The code contains too many long PIC declaration pattern

While describing a PICTURE, once the length of a sequence exceeds 3 characters, use the factorized notation. Edition pictures (presence of Z) are not concerned.

The code contains too many instructions that initialize zones of data with zeros or spaces

For code readability purpose, avoid initializations with 0 or spaces.

The code contains too many data contigus levels

When creating a new data level, do not add 1 to the previous level. Having not contigus level is easier for inserting an intermediate level later, if needed.

The code contains too many back performs

For readability purpose, avoid using perform with a paragraph higher in the code.

The code contains too many dangerous usage patterns in file management

Avoid dangerous file usage patterns. File management contains dangerous usage patterns.

The code contains paragraphs having the same name

Paragraphs having the same name is ambigous, and should be strongly avoided.

The code contains too many bad area A usages

In a cobol file, area A (the first four columns) are reserved for divions, sections names, paragraph names and level 01 data declaration.

Optional property declarations should use ‘?’ syntax

In TypeScript there are several ways to declare an optional property, i.e. a property which might be missing from an object: adding “| undefined” in the property type or adding “?” after its name. The latter is preferred as it brings more clarity and readability to a code.

Errors should not be created without being thrown

Creating a new Error without actually throwing it is useless and is probably due to a mistake.

Avoid explicit type when it can be inferred from literal value affected

For code readability purpose, if a property initializer is a scalar value or the return type can be clearly inferred from the body then it can be omitted.

Avoid structures initializations with unamed fields

You should almost always specify field names when initializing structs. This is now enforced by go vet.

Avoid self-assigned variables

There is no reason to re-assign a variable to itself. Either this statement is redundant and should be removed, or the re-assignment is a mistake and some other value or variable was intended for the assignment instead.

Avoid binary operators with identical members

Using the same value on either side of a binary operator is almost always a mistake. In the case of logical operators, it is either a copy/paste error and therefore a bug, or it is simply wasted code, and should be simplified. In the case of bitwise operators and most binary mathematical operators, having the same value on both sides of an operator yields predictable results, and should be simplified.

Avoid ‘if/else if’ & cases statements having the same condition

A chain of if/else if statements is evaluated from top to bottom. At most, only one branch will be executed: the first one with a condition that evaluates to true.

Avoid dead code

Dead code are instructions that can never be reached. Obvious dead code are instructions that follow unconditional jumps in the same statement block.
Dead code could just be deactivated functionalities, but in this case, it should not be present in production.

Avoid ‘if … else if’ constructs with missing final ‘else’ clauses

This rule applies whenever an if statement is followed by one or more else if statements; the final else if should be followed by an else statement.
The requirement for a final else statement is defensive programming.

The else statement should either take appropriate action or contain a suitable comment as to why no action is taken. This is consistent with the requirement to have a final default clause in a switch statement.

Increment (++) and decrement (–) operators should not be used in a method call or mixed with other operators in an expression

The use of increment and decrement operators in method calls or in combination with other arithmetic operators is not recommended

‘switch’ statements should not be nested

Nested switch structures are difficult to understand because you can easily confuse the cases of an inner switch as belonging to an outer statement. Therefore nested switch statements should be avoided.

Avoid collapsible nested ‘if’

Merging collapsible if statements increases the code’s readability.

The code contains one or more “with” instructions

The with statement in javascript inserts an object at the front scope chain, so any property/variable references will first try to be resolved against the object. This is often used as a shortcut to avoid multiple long references.

The code contains inner functions

While most script engines support Function Declarations within blocks it is not part of ECMAScript (see ECMA-262, clause 13 and 14). Worse implementations are inconsistent with each other and with future EcmaScript proposals. ECMAScript only allows for Function Declarations in the root statement list of a script or function. Instead use a variable initialized with a Function Expression to define a function within a block.

The code contains at least one class defining a destructor

For several reasons detailed in references, using finalizers is not recommended.

The code contains too many switch cases with missing ending breaks

Ending switch branches with ‘breaks’ helps the code be more consistent, functional, and easier to debug. This allows developers in different teams navigate the code easier and be more productive in the development process. Lack of breaks makes the code difficult for other developers to understand.

The code contains modifications of buildtins objects : Object, Array or Function

Modifying builtins like Object.prototype and Array.prototype are strictly forbidden. Modifying other builtins like Function.prototype is less dangerous but still leads to hard to debug issues in production and should be avoided.

Avoid using ellipsis in functions

Functions should not be defined with a variable number of arguments. Varargs methods are a convenient way to define methods that require a variable number of arguments, but they should not be overused. They can produce confusing results if used inappropriately.

Avoid protected member in final classes

The difference between private and protected visibility is that child classes can see and use protected members, but they cannot see private ones. Since a final class will have no children, marking the members of a final class protected is confusingly pointless.

Avoid loop counter modification

Loop counters shall not be modified in the body of the loop. However other loop control variables representing logical values may be modified in the loop, for example a flag to indicate that something has been completed, which is then tested in the for statement.

Avoid Equals methods not testing their parameters

Because the equals method takes a generic Object as a parameter, any type of object may be passed to it. The method should not assume it will only be used to test objects of its class type. It must instead check the parameter’s type.

Avoid catches that only rethrow

catch clause that only rethrows the caught exception has the same effect as omitting the catch altogether and letting it bubble up automatically, but with more code and the additional detrement of leaving maintainers scratching their heads.
Such clauses should either be eliminated or populated with the appropriate logic.

Avoid nested try-catch blocks

Although this is sometimes unavailable, nesting try/catch blocks severely impacts the readability of the source code as it makes it difficult to understand which block will catch which exception.

Avoid long case statements

The switch statement should be used only to clearly define some new branches in the control flow. As soon as a case clause contains too many statements this highly decreases the readability of the overall control flow statement. In such case, the content of the case clause should be extracted into a dedicated method.

The code contains non-wrapped immediate function calls

When a function is to be invoked immediately, the entire invocation expression should be wrapped in parents. Wrapping an immediate function invocation in parentheses is usefull to assist the reader in understanding that the expression is the result of a function, and not the function itself.

The code contains too many var statements declaring several variables in it

Although JavaScript allows to declare multiple variables in a single chain, it is recommended to declare each variable separately as it is easier to read and reduce the risk of unexpected behaviors in some cases.

The code contains too many jump instructions that derive the control flow out of a finally structure

Using return, break, throw, and continue from a finally block overwrites similar statements from the suspended try and catch blocks.

Avoid small switch/Case

SWITCH statements are useful when there are many different cases depending on the value of the same expression. However, code will me more readable with IF statements for one or two cases.

The code contains classes that overload equals(Object)

“equals” as a method name should be used exclusively to override Object.equals(Object) to prevent any confusion. It is tempting to overload the method to take a specific class instead of Object as parameter, to save the class comparison check. However, this will not work as expected when that is the only override.

Avoid equality in loop termination condition

Testing for loop termination using an equality operator (== and !=) is dangerous, because it could set up an infinite loop. Using a broader relational operator instead casts a wider net, and makes it harder (but not impossible) to accidentally write an infinite loop.

Avoid variable assignments in conditional expressions

This pattern verifies the presence of variable assignments in conditional (IF) expressions. It is generally not recommended to use the assignment operator in this case as it is close to the comparison operator (==) and could lead to misreading the code logic.

The code contains too many negative comparisons

This pattern verifies the presence in source code of negative comparisons. Depending on the frequency, CAST Highlight will trigger this code insight.

Avoid using ellipsis in functions

Functions should not be defined with a variable number of arguments. Varargs methods are a convenient way to define methods that require a variable number of arguments, but they should not be overused. They can produce confusing results if used inappropriately.

The code contains use of getClass().getName()

It could be necessary to check whether a given object has a specific class type or whether two objects have the same class type associated with them, for example, when implementing the equals() method. If the comparison is performed incorrectly, the code could assume that the two objects are of the same class when they are not. As a result, class names must not be compared.

Avoid unconditional jump statement

Having an unconditional break, return or throw in a loop renders it useless; the loop will only execute once and the loop structure itself is simply wasted keystrokes. Having an unconditional continue in a loop is itself wasted keystrokes. For these reasons, unconditional jump statements should never be used except for the final return in a function or method.

Avoid octal values

Integer literals starting with a zero are octal rather than decimal values. While using octal values is fully supported, most developers do not have experience with them. They may not recognize octal values as such, mistaking them instead for decimal values.

The code contains too many throws to system exceptions

The code contains too many thows to system exceptions (java.lang.Error, java.lang.RuntimeException). Application should have their own error exception classes. Throwing generic exception force callers to use generic catches. Prefer to use applicative and more specialized exceptions.

The code contains too many queries leading to a high number of table columns

Complex select clauses, i.e select clauses with many column can be difficult to read and does not help the reader who needs to identify the relevant columns to be retrieved. Also a query that retrieves many columns can potentially cause performance problems.

The code contains too many hard coded absolute file system paths in include directives

In order to ease change and to hide platform specific information from any potential misuse, it is highly recommended to use SAP ABAP logical paths instead of hard-coded paths.

The code contains too many “SELECT *” requests

This Code Insight counts one occurrence each time a “SELECT *” or “SELECT SINGLE *” query is found.

The Web Dynpro code contains too many direct calls to routines using “me–>”

Special rules apply for the implementation of Web Dynpro routines, such as “wd_Do_Init” methods. Some ABAP language statements cannot be used. Other routines cannot be called directly – instead they must be called with the “wd_This” instance. The reason for this is that a direct call makes any extensions made from restructured layers impossible.

A Program, User-Exit or Include contains too many Open SQL queries that access SAP standard tables in modification

SAP standard tables are part of the SAP software and they must not be modified by custom components. These can be affected by the modification of the SAP system tables, in terms of structure, content or business rules. In addition, they can lead to data corruption and unpredictable behavior of SAP packages. The best way is to use standard functions and badis released by SAP.

The code contains too many SQL instructions with a missing where clause, or using “order by”, or using “not” operator or “is null” check in a where clause

For reliability and performance purposes, avoid using too many SQL instructions with a missing WHERE clause. Also, using “ORDER BY”, “NOT LIKE” or “IS NULL” is a WHERE clause is not recommended.

Empty functions and methods should be avoided

For maintainability aspect, avoid ABAP Functions, ABAP Forms, and ABAP Modules that contain no statements.

The code contains too many unchecked returns of functions calls

Missing return code checks after an Open SQL statement can result in unpredictable behavior and untraceable execution errors. This is why it is extremely important to report and handle errors as soon as they occur.

The code contains too many MOVE instructions with multiple assignments

Software AgilityEmbedded Documentation Why you should care Description coming soon... Business Impacts Description coming soon... CostTime / Effort CAST Recommendations Description coming soon... References Coming soon... How we detect Coming soon... About CAST and Highlight’s Code Insights Over the last 25 years, CAST has leveraged unique knowledge on software quality measurement by analyzing thousands of [...]

Avoid having too many conditions using variables without operators

When a variable without any operators is found within a ‘IF’ condition, in most of cases, it means that the developer wanted to perform some controls on this variable. However, in order to avoid any unexpected behavior during the execution, and depending on the verification type the developer intends to perform (existing/set or empty or true/false or null variable?), it is recommended to use the appropriate method, so that the risk of misinterpretation of the verification is limited.

Avoid using complex operands

This code insight sanctions data accesses in operands having a too high level of indirection. The level of indirection is determined by the path you need to go through in order to get your data from an object (e.g. myObject.a.b.c.myData). Too many occurrences of this pattern generally decreases readability of the code, especially when indirection layer names are not meaningful. It may also reveal a lack of Oriented-Object encapsulation.

Avoid having too many unused variables

Having too many variables that are unused somewhere in your software can make the software consume more memory than it should as the resource is allocated for each declared variable, whether it is use or not during the execution. It also doesn’t help developers get clear view on effectively used variables in a program.

Avoid files with too many functions or methods

{{ vc_btn:title=Software+Agility&style=flat&color=pink&link=url%3Ahttps%253A%252F%252Fdoc.casthighlight.com%252Fsoftware-agility%252F%7C%7C%7C }} {{ vc_btn:title=Code+Readability&style=outline&color=black&link=url%3Ahttps%253A%252F%252Fdoc.casthighlight.com%252Fcategory%252Fproduct%252Findicators-methodology%252Fcode-insights%252Fsoftware-agility%252Fcode-readability%252F%7C%7C%7C }} How we detect CAST Highlight counts the number of functions/methods found per file. Depending on thresholds based on benchmark analysis of reference applications, CAST Highlight will decrement the capital of points for the scanned file where the code insight occurs. Why you should care For maintainability and code readability [...]

Spaces between function name and opening parenthesis cause bugs

Software AgilityCode Readability Why you should care There should be no space between the name of a function and the ( (left parenthesis) of its parameter list, unless case of an anonymous literal function. If a function literal is anonymous, there should be one space between the word function and the ( (left parenthesis). If [...]

Builtin instructions are inadvisable because of their risky nature

Software ResiliencyProgramming Best Practices Why you should care Certain built-in commands in VB/VB.net bring about unnecessary reliability risk to applications. This unexpected application or machine behavior occurs a result of awkward/unreliable methods of handling errors and interacting with memory - that includes using pointers, forcing garbage collection, unstructured exception handling etc. Business Impacts The use [...]

Deep functions are a Production Risk in JavaScript

Software ResiliencyProgramming Best Practices Deep functions are a Production Risk in JavaScript This code insight counts one violation each time an artifact (global function or root code) has a too high depth code. Depth is evaluated throught imbrication of following structures : if, do, for, while, case, The depth threshold (max valid depth) is tuned [...]

Suspicious File Usage patterns can be risky

Software ResiliencyCode Reliability Risky catches increase production risks This code insight counts a violation each time in a single cobol source file : a sorted file (SD) is never sorted : an instruction               SD  <SORT-FILE>. is found in DATA DIVISION, but not corresponding               SORT <SORT-FILE> ....... is found in PROCEDURE DIVISION. a file [...]

File Records with no COPY Clause can be risky

Software ResiliencyProgramming Best Practices File Records with no COPY Clause can be risky This code insight count a violation each time a file record has more than one data and is not in a copy clause. Bad: 000130 DATA DIVISION. 000140 FILE SECTION. 000150 FD SALES-FILE 000160       RECORDING MODE IS F. 000170 000180 01 SALES-RECORD. [...]

EVALUATE instructions without default treatment causes Production Risk

Software ResiliencyProgramming Best Practices EVALUATE instructions without default treatment causes Production Risk This code insight counts one violation each time the statement WHEN OTHER is missing for an EVALUATE instruction. Why you should care Each EVALUATE structure should have a WHEN OTHER statement to provide a default treatment in case the program has an unexpected [...]

Multiple JSP Comments can increase costs

Software AgilityEmbedded Documentation Multiple JSP Comments can increase costs This code insight counts one violation each time too consécutive comment blocs are encountered. JSP comments <%-- are concerned as well as java comment /* or // inside a scriptlet. HTML comments are not considered. If two JSP comments are separated by HTML code (not containing [...]

Pure JSP Comments can decrease Costs

CostSoftware AgilityEmbedded Documentation Pure JSP Comments can decrease Costs This code insight counts one violation each time a scriptlet contains only java comments. This includes for example the following patterns : <% /** ... */ %> <% /* ... */ %> <% // ... %> Including cases with several comments: <% /* ... */ /* [...]

Long Lines can decrease Readability

Production RiskSoftware ResiliencyCode Reliability Long Lines can decrease Readability This code insight counts one violation each time a line of the JSP file exceed 80 characters. All lines of the file are concerned, whatever they contain : html, JSP tags, java code, etc ...     Why you should care Long lines will often extend [...]

Good declaration Order in JSP can reduce costs

Production RiskSoftware ResiliencyProgramming Best Practices Good declaration Order in JSP can reduce costs This code insight counts a violation each time a page do not conform to the following declaration layout: a JSP file consists of the following sections in the order they are listed: - Opening comments - JSP page directive(s) - Optional tag [...]

Standard SQL API increases Production Risk in JSP

Production RiskSoftware ResiliencyProgramming Best Practices Standard SQL API increases Production Risk in JSP This code insight counts one violation if there is at least one import directive: <%@ page import = "java.sql.*" %> <%@ page import = "javax.sql.*" %>     Why you should care Standard SQL APIs java.sql.* and javax.sql.* are symptoms of direct [...]

TLD Headers can reduce Production Risks

Production RiskSoftware ResiliencyProgramming Best Practices TLD Headers can reduce Production Risks This code insight counts one violation each time a TLD header do not contains: the xml version, the xml encoding the DOCTYPE statement   Why you should care A tag library descriptor (TLD) file must have a header section including the definition of the [...]

Bad attribute names can increase costs

CostSoftware AgilityEmbedded Documentation Bad attribute names can increase costs This code insight counts one violation each time the name do not complies with: [a-z_][a-z0-9_]*$ underscore allowed lowercase Why you should care The name of the class attribute does match the naming convention. This error is a stylistic warning. The code will execute. But you can [...]

Bad method names can increase costs

CostSoftware AgilityEmbedded Documentation Bad method names can increase costs This code insight counts one violation each time the name do not complies with: [a-z_][a-z0-9_]$ underscore allowed lowercase Why you should care The name of the method does match the naming convention. This error is a stylistic warning. The code will execute. But you can improve [...]

Bad function names can increase costs

CostSoftware AgilityEmbedded Documentation Bad function names can increase costs This code insight counts one violation each time the name do not complies with: [a-z_][a-z0-9_]{2,}$ underscore allowed lowercase Why you should care The name of the function does match the naming convention. This error is a stylistic warning. The code will execute. But you can improve [...]

Bad class names can increase costs

CostSoftware AgilityEmbedded Documentation Bad class names can increase costs This code insight counts one violation each time the name do not complies with: [A-Z_][a-zA-Z0-9]*$ underscore as prefix only first letter words capitalized Why you should care The name of the class does match the naming convention. This error is a stylistic warning. The code will [...]

Bad variable names can increase costs

CostSoftware AgilityEmbedded Documentation Bad variable names can increase costs This code insight counts one violation each time the name do not complies with: Constants (([A-Z_][A-Z0-9_]*)|(__.*__)) underscore allowed upercase anything delimited with double underscore Note : a constant is an identifier that is assigned at only one time in a function, method or global scope, with [...]

Short functions and identifiers increase costs

Software AgilityEmbedded Documentation Why you should care Developers tend to shorten the text required for writing code to save time and get it running. However, using short, nondescript function/variable names increases the need for excessive commenting and makes it more difficult for developers to collaborate and understand each other’s code. It also can be a [...]

Break Statements helps reduce production risk

Production RiskSoftware ResiliencyProgramming Best Practices Break Statements helps reduce Production Risk This code insight counts one violation each time a loop with a else clause do not contains any break or return statement. bad def contains_magic_number(list, magic_number): for i in list: if i == magic_number: print "This list contains the magic number." else: print "This [...]

Magic Numbers are a Production Risk

Production RiskSoftware ResiliencyProgramming Best Practices Magic Numbers are a Production Risk This code insight counts one violation each time a litteral numeric constant is encountered, that is not assigned to a constant. interger : (0|0[xX])?[0123456789ABCDEF]+([lL]? decimal : ([0-9]*\.[0-9]+|[0-9]+\.) real : [0-9]+[eE][+-]?[0-9]+ exception  one digit integer 0.0, .0, 0. 1.0 Note : a constant is a [...]

Avoid methods or function with too many local variables

{{ vc_btn:title=SOFTWARE+ELEGANCE&style=flat&color=juicy-pink&link=url%3Ahttps%253A%252F%252Fdoc.casthighlight.com%252Fcategory%252Fproduct%252Findicators-methodology%252Fsoftware-elegance%7C%7C%7C }} {{ vc_btn:title=CODE+COMPLEXITY&style=flat&color=black&link=url%3Ahttps%253A%252F%252Fdoc.casthighlight.com%252Fcategory%252Fproduct%252Findicators-methodology%252Fhttp%253A%252F%252Fcasthighlight.wpengine.com%252Fcategory%252Fproduct%252Findicators-methodology%252Fsoftware-elegance%252Fcode-complexity%252F%7C%7C%7C }} This code insight counts one occurrence for each local variable in methods and functions found during the scan and shows up in CAST Highlight results when specific thresholds (ratio of local variables vs. total number of functions/methods) are reached for a given file, compared to the average ratio observed [...]

% operator to format string can cause production risk

Production RiskSoftware ResiliencyProgramming Best Practices % operator to format string can cause production risk Count one violation each time a string use the % operator. bad print("%s is %s" % ("`$`", "fine")) good print("{0} is {1}, much {1}".format("format", "better")) Why you should care Future python version will promote usage of format(). If possible, prefer using [...]

Whitespaces are a Production Risk

Production RiskSoftware ResiliencyProgramming Best Practices Whitespaces are a Production Risk Count one violation each time a format replacement field contains a whitespace. bad print "{ what} is {how it is}".format({"what": "life", "how it is": "hard"}) # Output: KeyError; the correct key would be ' what' with a leading whitespace print "{ what} is {how it [...]

Prefer single quotes over double quotes for strings, in a consistent way

Software AgilityCode Readability Why you should care Be consistent with your choice of string quote character within a file. Pick ' or " and stick with it. However, in a JavaScript context, the single quote will be preferred in order to have to escape single quotes in strings. Business Impacts Consistency is key is keeping [...]

String concatenation in loop causes production risks

Production RiskSoftware ResiliencyProgramming Best Practices String concatenation in loop causes production risks This code insight counts one violation each time an operator + or += is used with a string parameter inside a loop. Note : the rule is restricted to expression with litteral string. Variable string need semantic to be detected. bad employee_table = [...]

Trailing spaces can increase costs

CostSoftware AgilityCode Readability Missing spaces can increase costs This code insight counts one violation each time a line of code is ended with trailing whitespaces. → search all non-blank lines terminated with one or more spaces that are not inside a comment Why you should care Avoid trailing whitespace anywhere. Because it's usually invisible, it [...]

Missing spaces can increase costs

CostSoftware AgilityCode Readability Missing spaces can increase costs This code insight counts one violation each time : following operators are not surrounder with at least one space: =, += , -=, == , < , > , != , <> , <= , >= , in , not in , is , is not, and , or , not. following elements are not followed by at least one space : comma, semicolon, colon (except slice operator) Why you should care Always [...]

Extraneous whitespaces increase costs

Software AgilityCode Readability Why you should care Avoid extraneous whitespace in the following situations: Immediately inside parentheses, brackets or braces. Yes: spam(ham[1], {eggs: 2}) No: spam( ham[ 1 ], { eggs: 2 } ) Immediately before a: comma semicolon colon (except when using as slice operator) Yes: if x == 4: print x, y; x, [...]

Java-Style getters and setters can increase production risks

Production RiskSoftware ResiliencyProgramming Best Practices Java-Style getters and setters can increase production risks This code insight counts one violation each time a class define getter or setter (one of then or both) for a given member. If the implementation of the class contain the following pattern: self.<member> then a violation will be counted if the [...]

Alias agreement for imports can reduce costs

CostSoftware AgilityCode Readability Alias agreement for imports can reduce costs This code insight counts one violation each time a one of the following library is not imported with the conventionnal alias. Library -> Alias numpy -> np scipy -> sp pandas -> pd matplotlib -> mpl matplotlib.pyplot -> plt seaborn -> sns datetime -> dt [...]

Wildcard(*) imports can increase production risks.

Production RiskSoftware ResiliencyProgramming Best Practices Wildcard(*) imports can increase production risks. This code insight counts one violation each time a wildcard import is used. Violations pattern is: import * from xxx import * Why you should care In general, import statements should be as specific as possible and you should only import what you need. [...]

Multiple imports on the same line can increase costs

CostSoftware AgilityCode Readability Multiple imports on the same line can increase costs This code insight counts one violation if an "import" not preceded by a "from" contains several arguments. bad import os, sys good import os import sys from xxx import a, b Why you should care Imports should usually be on separate lines, e.g.: [...]

Methods with too many parameters can be complex

Software EleganceCode Complexity Why you should care For developers, it is important to consider that having too many arguments tends make the function excessively complex.  This increases development time as it becomes more difficult for others to use, and understand the offending sections of code. Business Impacts Having too many parameters makes it difficult for [...]

Illegal exceptions can cause Production Risks

Software ResiliencyCode Resiliency Risky catches increase production risks This code insight counts one violation each time a class whose name is ending with Exception or Error is not derived from another class whose name is ending with Exception or Error, excluding BaseException. bad class MyException(object): def __init__(self, code, message): self.code = code self.message = message [...]

Handling Exceptions should be explicit

Software ResiliencyProgramming Best Practices How we detect This code insight counts one violation each time : an except instruction is immediately followed by a colon, i.e does not specify any exception class name (case of a bare except). an except instruction is catching the BaseException class an "except Exception:" is in first position or not [...]

Using “is” for anything but singleton can increase costs

CostSoftware AgilityCode Readability Using "is" for anything but singleton can increase costs Count one violation each time one of the operand of is (or is not) is not None, True or False. Why you should care Testing the identity of two objects can be achieved in python with a special operator called  is. Most prominently [...]

‘Not…is’ syntax can be unreadable

CostSoftware AgilityCode Readability 'Not...is' syntax can be unreadable Count one violation each time the not ... is syntax is encountered. bad some_list = None if not some_list is None: do_something() good some_list = None if some_list is not None: do_something() Note: there is no violation if the operators "and", "or", && or || are between [...]

Explicit comparison to singleton can be unreadable

CostSoftware AgilityCode Readability Explicit comparison to singleton can be unreadable This code insight count one violation each time a condition use an explicit comparison to "none", "false" or "true" (using operators == or !=). Bad: if number == None: print("This works, but is not the preferred PEP 8 pattern") if number ! = None : [...]

Suspicious Comments can increase costs due to their suspicious nature

Software AgilityEmbedded Documentation Why you should care Avoid (in production code) comments that reveals that the code could not be finalized or not mature. Business Impacts It is recommended to avoid these in order to ensure the code is more readable and cost effective. Cost CAST Recommendations References Style Guide How we detect Count one [...]

Low commented code rates increase time and effort

Software AgilityEmbedded Documentation Why you should care Commented code lines rate is the percentage of lines of codes that are preceded with at least one line of comment. Comments are essential in every programming language for summarizing, communicating and clarifying sections of code - in order to assist others working on an application. Low commented [...]

Inline comments can increase costs

CostSoftware AgilityEmbedded Documentation Inline comments can increase costs Count one violation each time an instruction statement is followed by a comment on the same line. bad : x = y + z # This is a trailing comment that can become hard to read. good: # A comment before the actual code, is better readable [...]

Uncommented functions or methods increase costs

CostSoftware AgilityEmbedded Documentation Uncommented functions or methods increase costs Count one violation each time a function or method do not have a docstring as first instruction: bad : def area (width, height) : return width * height good: def area (width, height) : """ Returns the area of a rectangle. """ return width * height [...]

Uncommented Classes increase costs

CostSoftware AgilityEmbedded Documentation Uncommented Classes increase costs Count one violation each time a class do not have a docstring as first instruction: bad : class CustomException (Exception) : def __init__ (self, msg, code) : self.msg = msg self.code = code good: class CustomException (Exception) : """Raise when some custom event did not occur.""" def __init__ [...]

Nested loops can slow down innovation

InnovationSoftware EleganceCode Complexity Nested loops can slow down innovation This code insight detects loops within a loop (for, do, while, foreach, etc.). Depending on thresholds observed in the benchmark of thousands of applications and billions lines of code, Highlight accounts penalty points to the given scanned files. Why you should care For code readability and [...]

Too many nested Loops decreases innovation

InnovationSoftware EleganceCode Complexity Too many nested Loops decreases innovation Count number of loops inside another loop.     Why you should care   Business Impacts Complex code can slow down Innovation Innovation CAST recommendations References About CAST and Highlight’s Code Insights Over the last 25 years, CAST has leveraged unique knowledge on software quality measurement [...]

Declaring too many functions can make Javascript code complex

Software EleganceCode Complexity Why you should care A JavaScript file should not declare an excessive number of functions since a higher number of functionalities declared in a module increase the complexity of this module and slows down the effectiveness of the code. Too many functions can also lead to bigger file sizes which leads to reduced [...]

Too many classes without same name as file name can increase costs

CostSoftware AgilityCode Readability Too many classes without same name as file name can increase costs This code insight searches all the classes not having the same name as the file. Why you should care Having the naming conventions make the source code more easy to ready and so to maintain.  Try to reduce the number [...]

Too many elseif statements increases costs

CostSoftware AgilityCode Readability Too many elseif statements increases costs This code insight searches all the Functions and Methods  having an Elseif statements. Why you should care For the readability reasons else and if should be used instead of ElseIf.  Try to reduce the number of Functions and Methods having elIf statement and review the source [...]

Inconsistencies in @throws tags can increase costs

CostSoftware AgilityCode Readability Inconsistencies in @throws tags can increase costs This code insight searches all the function that throws functions without having a @throws tag. Verifies : 1 - that a @throws tag exists for a function that throws exceptions. 2 - the number of @throw tags and the number of throw tokens matches. 3 [...]

Missing comments can increase costs in PHP

CostSoftware AgilityEmbedded Documentation Missing comments can increase costs in PHP This code insight searches all the File not respecting the nameing convention. Functions, interfaces and classes closing bracket should be commented. Search for corresponding comment pattern : // end class // end interface // end method xxx() Why you should care For correctness reasons, the [...]

Increment/Decrement Operators can increase costs

CostSoftware AgilityCode Readability Increment/Decrement Operators can increase costs This code insight searches all the artifacts having increment/decrement operators. Increment and decrement operators 1) cannot be used in an arithmetic operation. Ex of violation : $id = --$i - $x; 2) must be bracketed when used in string concatenation. Ex of violation : $id = $id.'_'.$i++;    [...]

Unused function parameters can make code unreadable

This code insight searches all the Function and Methods having unused parameters.
Review the source code in order to try to reduce the number of Functions
and Methods having unused parameters.

Ternary operators in Java can make code unreadable

CostSoftware AgilityCode Readability Ternary operators in Java can make code unreadable This code insight counts one violation each time a ternary operator is encountered. Note : Do not confuse with question mark used as wildcard for unknow generic type. bad String data = (str.contains("A") ? "Str contains 'A'" : "Str doesn't contains 'A'"); good if [...]

Having too many class definitions in Java can be unreadable

Software AgilityCode Readability Avoid too many classes in the same file This code insight counts one occurrence each time a source file is found with multiple class definitions. Developers can spend time looking for a class in a file if multiple classes are there. Converserly, it is straightforward when the file contains only the searched [...]

Too many uses of ternary operators can increase costs

CostSoftware AgilityCode Readability Too many uses of ternary operators can increase costs Count one violation each time the operator (... ? ... : ...) is used. Grep "?" character except in java when it is involved in a wildcard notation (<?) of generic types. Example : are excluded "List<?>" or "List<? extends T> Why you [...]

Too many class implementations can increase costs

CostSoftware AgilityCode Readability Too many class implementations can increase costs Count the number of distinct classes involved in the scope of implemented methods. ex : MyNamespace::MyClasse1::MyMethods () {...} MyClasse2::MyMethods () {...} Why you should care Business Impacts It is recommended to avoid these in order to ensure the code is more readable and cost effective. [...]

Too many class definitions can cause agility issues

CostSoftware AgilityCode Readability Too many class definitions can cause agility issues This code insight counts number of classes definition pattern : class xxx { template <...> class xxx { Why you should care Business Impacts It is recommended to avoid these in order to ensure the code is more readable and cost effective. Cost CAST [...]

While Loops are more productive than For Loops

Software ResiliencyCode Reliability While Loops are more productive than For Loops This code insight searches all the artifacts having for loops which can be simplified to a while loop. For loops that do not have Init nor Update part : for ( ;cond; ) Remedy - Try to reduce the number of the artifacts having [...]

Constructors with a return value can be unproductive in PHP

Production RiskSoftware ResiliencyCode Reliability Constructors with a return value can be unproductive in PHP This code insight counts a violation each time the script has a constructor with a return value " <?php class foo { function foo(){ $error = ''; // is set when something goes wrong // things that can go wrong return [...]

Having empty statements can be unproductive in PHP

Software ResiliencyCode Reliability Having empty statements can be unproductive in PHP This code insight counts a violation each time an empty statement is detected in PHP <?php statement1 { // comment //Violation } statement2 (conditions) { // comment //Violation } } } Remedy - Modify the source code to reduce the number of artifacts containing [...]

Too many functions with default value parameters are unproductive

Software ResiliencyCode Reliability Too many functions with default value parameters are unproductive This code insight counts a violation each time parameter has a default value "class CastTest { public function addData( $param0, $param1, $param2, $param3, $param4, $param5, $param5, $param6, $param7, $param8, $param9, $param10) { } }" Why you should care Long parameter lists can indicate [...]

Having an assignment to “this” can be unproductive

Production RiskSoftware ResiliencyCode Reliability Having an assignment to "this" can be unproductive This code insight counts a violation each time the PHP script has an assignment to "this" "This report lists all the Classes containing assignements to '$this'. It provides the following information: Class full name." Remedy - Modify the source code and do not [...]

Using “instanceOf” causes Production Risk

Software ResiliencyCode Reliability How we detect This code insight counts a violation each time an "instanceOf" is utilized public final class BadInstanceOf { public static void doSomething(Animal aAnimal){ if (aAnimal instanceof Fish){ Fish fish = (Fish)aAnimal; fish.swim(); } else if (aAnimal instanceof Spider){ Spider spider = (Spider)aAnimal; spider.crawl(); } } // PRIVATE // private static [...]

Switch cases without ending breaks are hard to understand

Software ResiliencyCode Reliability Why you should care Although Switch cases do not require ending breaks after the default statement, It is recommended to end every branch with a return, or break statement, for the following reasons -   Refactorability - Branches ending with break or end can be easily reordered without having their changing their [...]

Too many global variables can be unproductive

Software ResiliencyCode Reliability Why you should care Global variables should be encapsulated in a class and doing so can make code more productive. Business Impacts Production Risk CAST Recommendations References https://stackoverflow.com/questions/9765942/space-after-function-name-is-wrongStyle Guide How we detect This code insight counts a violation each time there are too many global variables int m_iGlobal = 0; void m() [...]

Memory leaks in C++ is a huge production risk

Production RiskSoftware ResiliencyCode Reliability Memory leaks in C++ is a huge production risk This code insight counts a violation each time a Call free or delete to free the memory.  List all locations where a memory allocation is created (malloc/calloc/realloc, new, and std::auto_ptr.release()) that is not freed (using free or delete). void f() { int [...]

Inconditional branches are unproductive in C++

Production RiskSoftware ResiliencyCode Reliability Inconditional branches are unproductive in C++ This code insight Count one violation each time one of the following keywords is encountered : continue, goto, break. Exception : break at end of "case" statements.   Why you should care Inconditional branches can lead to loss of productivity and necessary optimizations in the [...]

Too many classes with missing destructors can be unproductive

Production RiskSoftware ResiliencyCode Reliability Too many classes with missing destructors can be unproductive This code insight counts a violation each time too many classes with missing destructors are detected.   Why you should care Classes with missing destructors can make the code unproductive. Business Impacts Production Risk CAST recommendations References https://www.tutorialspoint.com/sql/sql-transactions.htm About CAST and Highlight’s [...]

Too many classes with missing constructors can be risky

Production RiskSoftware ResiliencyCode Reliability Too many classes with missing constructors can be risky This code insight counts a violation each time C++ has too many classes with missing constructors Why you should care Too many classes with missing constructors can be unproductive. Business Impacts Production Risk CAST recommendations References https://www.tutorialspoint.com/sql/sql-transactions.htm About CAST and Highlight’s Code [...]

Incorrect dynamic class definition can be non-resilient

Production RiskSoftware ResiliencyCode Reliability Incorrect dynamic class definition can be non-resilient This count insight counts a violation in this non-compliant code example, the function A<int>::f2() is ill-formed because int is not a class and does not have a member named x. Clearly the designer of template A did not intend it to be applied to [...]

Macro definitions cause resiliency issues

Production RiskSoftware ResiliencyCode Reliability Macro definitions cause resiliency issues This code insight counts one violation each time a macro without parameters defines a literal constant. Literal constants are number, character or strings : - numbers, possibly preceded with . or \ - characters enclosed with ' - strings, enclosed with ' or " Exemple of [...]

Classes with missing destructor declarations can be unproductive

Production RiskSoftware ResiliencyCode Reliability Classes with missing destructor declarations can be unproductive This code insight highlights a violation when a class has missing destructor declarations class Vehicle { public: Vehicle(); virtual ~Vehicle(); void start(); void stop(); virtual void run(); protected: Engine* theEngine; }; class Car : public Vehicle { public: Car(); ~Car(); // VIOLATION protected: [...]

Single quote strings keeps code consistent and productive

Software ResiliencyCode Reliability Single quote strings keeps code consistent and productive This code insight counts a violation each time a string is enclosed with double quotes, except if the string contains single quotes within double quotes. bad: "it is a bad string" "it is a \"bad\" string" good: "it ' s a good string" var [...]

Array literals are less risky than Array constructors in JavaScript

Software ResiliencyCode Reliability Array literals are less risky than Array constructors in JavaScript This code insight counts one violation each time "new array(...)" is encountered. bad : Length is 3 : var a1 = new Array(x1, 1.2, "string"); Length is 2 : var a2 = new Array(x1, x2); Length is x1 or error if not [...]

Too many “for in” loops is risky

Software ResiliencyCode Reliability Why you should care Since each iteration through the loop results in a property lookup either on the instance or on a prototype, the for-in loop has considerably more overhead per iteration and is therefore slower than the other loops. For the same number of loop iterations, a forin loop can end [...]

Missing Semicolons in JavaScript can be very unproductive

Software AgilityCode Reliability Why you should care Relying on implicit insertion can cause subtle, hard to debug problems. Don’t do it.  There are a couple places where missing semicolons are particularly dangerous: MyClass.prototype.myMethod = function() {     return 42; }  // No semicolon here. (function() {     // Some initialization code     // [...]

Simplified Syntax can be unproductive in KSH

Software ResiliencyCode Reliability Why you should care Using the simplified, but deprecated/discouraged commands in shell scripts can lead to minor unpredictability and less feature flexibility. It is better practice to stick to the established alternatives to these two commands, for readability, consistency and expansion. Why you should care Using certain syntax in shell, like these [...]

Having too much Spaghetti Code can be risky

Software ResiliencyCode Reliability Having too much Spaghetti Code can be risky This code insight counts one violation each time the keywords break and continue are encountered. Why you should care Avoid unstructured jumps introduced by instructions that interrupt the control flow. Business Impacts Production Risk CAST recommendations References https://www.tutorialspoint.com/sql/sql-transactions.htm About CAST and Highlight’s Code Insights [...]

Leaving arguments unchecked hinders progress

Software ResiliencyCode Reliability Why you should care Checking arguments is a critical component of Shell script. The $# variable indicates the number of arguments.  If this variable is improperly implemented, then the arguments are left unchecked which can lead to improper execution and bugs in the code. Business Impacts Leaving arguments unchecked on multiple shell [...]

No explicit EXIT instruction in last statement in KSH can be risky

Production RiskSoftware ResiliencyCode Reliability No explicit EXIT instruction in last statement in KSH can be risky This code insight counts one violation each time the last instruction of the script is not EXIT. Why you should care If no exit is used, the default behaviour is to exit with the return code of the last [...]

Methods as functions tend to be unproductive

Production RiskSoftware ResiliencyCode Reliability Methods as functions tend to be unproductive This code insight counts one violation each time a method : has no @staticmethod decorator and no "self" as first argument has @classmethod decorator and no "cls" as first argument class Rectangle: # should be preceded by @staticmethod here def area(width, height): return width [...]

Explicit return in __init__ is Unproductive

Software ResiliencyCode Reliability Explicit return in __init__ is Unproductive This code insight counts one violation each time a return statement is encountered in a __init__ method. Why you should care __init__ is a special Python method that is automatically called when memory is allocated for a new object. The sole purpose of __init__ is to initialize the values of instance [...]

Magic Methods in Python can be Risky

Production RiskSoftware ResiliencyCode Reliability Magic Methods in Python can be Risky This code insight counts one violation each time a magic method is called, except if it is in the body of a magic method. bad first_names = ["eve", "lisa", "robert", "paul", "alice"] if first_names.__contains__("robert"): print("list of first names contains robert") good example 1 first_names [...]

Having + for list concatenation

Production RiskSoftware ResiliencyCode Reliability Having + for list concatenation This code insight counts one violation each time a "+" operator is involved in list concatenation. Why you should care Extending a list through a reassignment is not recommended since Python offers other solution for that task with significant performance benefits. Business Impacts Production Risk CAST [...]

Long try blocks can cause risk in code

Production RiskSoftware ResiliencyCode Reliability Long try blocks can cause risk in code This code insight computes the integer part of the average size of all "try" block in number of lines of code. For one "try" block, count the number of line of code between the "try" keyword and the first "except" keyword. Example : [...]

Importing naming collisions can cause risks

Production RiskSoftware ResiliencyCode Reliability Importing naming collisions can cause risks This code insight Counts one violation each time a name collision  is encountered: pattern 1: from xxx import yyy from zzz import yyy pattern 2: from xxx import yyy as zzz from aaa import bbb as zzz pattern 3: import yyy as zzz import bbb [...]

Global Variables can easily change module behavior

Production RiskSoftware ResiliencyCode Reliability Global Variables can easily change module behavior This code insight counts one violation each time global variable is declared, unless its name is uppercase. Why you should care Avoid global variables. Variables that are declared at the module level have the potential to change module behavior during the import, because assignments [...]

Empty and Implicit Returns cause resiliency issues.

Production RiskSoftware ResiliencyCode Reliability Empty and Implicit Returns cause resiliency issues. This code insight Counts one violation each time a function has at least one significant return (expression different from nothing, none or false) and in the same time :  at least one empty return OR an implicit return in place of the last statement. [...]

Conflicts in Local / Global Variables can be Unproductive

Software ResiliencyCode Reliability Conflicts in Local / Global Variables can be Unproductive This code insight counts one violation each time a global variable is assigned in a function, because the variable has the same name. In python, variables are created after receiving their first allocation, so with the following pattern : <identifiers> = bad <xxx> = [...]

Unused arguments are quite risky for the code.

Production RiskSoftware ResiliencyCode Reliability Unused arguments are quite risky for the code. This code insight counts one violation each time a function parameter is not used. Why you should care An argument of a function or method is not used in its body. This error is not critical, but considered bad style. Business Impacts   [...]

Always call ancestor to avoid risks in Python code

Production RiskSoftware ResiliencyCode Reliability Always call ancestor to avoid risks in Python code This code insight counts one violation each time an __init__ method is not calling its ancestor. In a class declared like: class childClass (parentClass): ...def __init__(self): ...... The body of the __init__ function should contain the one of the following statements : [...]

Multiple Significant Returns are risky for the code

Production RiskSoftware ResiliencyCode Reliability Multiple Significant Returns are risky for the code This code insight counts one violation each time a function has several meaningful return statements. Meaningful return statements are returning an expression different from <nothing>, None and False. Why you should care When a function grows in complexity it is not uncommon to [...]

Unused imports cause risks in code

Production RiskSoftware ResiliencyCode Reliability Unused imports cause risks in code This code insight counts one violation each time a import is nerver used. Why you should care Usually, when this issue is encountered, it means that you began implementing a module but did not finish it. Other times, you might have refactored a module, but [...]

Unused variables can cause risks in code

Production RiskSoftware ResiliencyCode Reliability This code insight shows that Unused variables can cause risks in code Counts one violation each time local variable is initialized but never used. bad def area(width, height): a = width * height # todo: implement logging using variable a return width * height good def area(width, height): return width * [...]

Automatic numbering increases costs

CostSoftware AgilityCode Readability Automatic numbering increases costs This code insight counts one violation each a string contains empty format replacement fields. bad print "{} is {}".format("life","hard") good print "{0} is {1}".format("life","hard") Why you should care If you are not numbering your replacement fields {} in your format string, Python auto-numbers them. For example, using "{} [...]

Backslash line continuation makes code less readable

CostSoftware AgilityCode Readability Backslash line continuation makes code less readable This code insight shows that each time a backslash is the last non blank character of a line. Bad my_very_big_string = """"""For a long time I used to go to bed early. Sometimes, \ when I had put out my candle, my eyes would close [...]

len() as upper boundary makes code less readable

CostSoftware AgilityCode Readability len() as upper boundary makes code less readable This code insight shows that Python tries to make the task of slicing lists and numpy.arrays as convenient as possible. If one needs a slice which reaches till the end of the object the upper boundary can be left empty. When negative numbers are [...]

Multiline Conditional Expressions should be avoided

CostSoftware AgilityCode Readability Multiline Conditional Expressions should be avoided This code insight counts one violation each time a multiline conditional expression is encountered. bad x = 1 if cond else 2 good x = 1 if cond else 2 Why you should care Conditional expressions are mechanisms that provide a shorter syntax for if statements. [...]

Improper Indentation can reduce readability

CostSoftware AgilityCode Readability Improper Indentation can reduce readability This code insight shows that improper indentation can reduce readability Why you should care Per the PEP 8 Style Guide, all Python code should be consistently indented with 4 spaces for each level of indentation, not tabs. Business Impacts It is recommended to avoid bad indentation to [...]

Avoid Main Procedures not having an ON ERROR clause

CostSoftware AgilityCode Readability Avoid Main Procedures not having an ON ERROR clause This code insight shows that not managing errors can lead to data corruption and incorrect behavior, even if the error is managed through specific architecture. Why you should care Business Impacts Cost CAST recommendations References http://psoug.org/definition/END.htm About CAST and Highlight’s Code Insights Over [...]

Avoid unused Function parameters

CostSoftware AgilityCode Readability Avoid unused Function parameters (PHP)   This code insight advises that for readability reasons, Functions should not have unused parameters. Review the source code to try to reduce the number of Functions and Methods containing unused parameters. Why you should care Business Impacts Cost CAST recommendations References http://psoug.org/definition/END.htm About CAST and Highlight’s [...]

Missing default in switch statements can cause Production Risk

Software ResiliencyProgramming Best Practices Missing default in switch statements can cause Production Risk This code insight ensures that the keyword "default" is executed when none of the conditions being tested for in the switch statement are met or executed. Having no default keyword, means that there is no backup. The cases that are "impossible" today [...]

Avoid using SELECT … ENDSELECT statement

Production RiskSoftware ResiliencyProgramming Best Practices Avoid using SELECT ... ENDSELECT statement   This code insight shows that The SELECT ... ENDSELECT works as a loop fetching single record for every loop pause. Basically, it works like a client cursor which will generate too much traffic on the network and communications between the application server and [...]

Avoid using “SELECT DISTINCT”, use DELETE-ADJACENT

Production RiskSoftware ResiliencyCode Reliability Avoid using "SELECT DISTINCT", use DELETE-ADJACENT   This code insight ensures for performance reason, if some of the fields are not part of an index, then it is often better to avoid using SELECT DISTINCT. Why you should care Business Impacts Production Risk CAST recommendations References https://technet.microsoft.com/en-us/library/ms187009(v=sql.105).aspx About CAST and Highlight’s [...]

Avoid using dynamic queries

Production RiskSoftware ResiliencyProgramming Best Practices Avoid using dynamic queries   This code insight shows that dynamic queries are difficult to test and can decrease the code understanding. Moreover, include dynamic coding in UI components can generate security issues if the content of the dynamic clauses is not filtered properly. Why you should care Avoid using [...]

Avoid Main Procedures having complex queries

Production RiskSoftware ResiliencyCode Reliability Avoid Main Procedures having complex queries This code insight shows that having complex queries in SQL Artifacts can cause performance problems. Why you should care Business Impacts Production Risk CAST recommendations References https://technet.microsoft.com/en-us/library/ms187009(v=sql.105).aspx About CAST and Highlight’s Code Insights Over the last 25 years, CAST has leveraged unique knowledge on software [...]

Avoid classes overriding only equals() or only hashCode()

Production RiskSoftware ResiliencyProgramming Best Practices Avoid classes overriding only equals() or only hashCode() This code insight reports all classes that override only boolean equals(Object) or only int hashCode() . Why you should care Often classes are used in HashMap to provide an efficient storage and retrieval. The Java platform architects anticipated the importance of hash-based [...]

Type() can hamper productivity

Production RiskSoftware ResiliencyCode Reliability Type() can hamper productivity This code insight detects each time type() is used in code Why you should care The function isinstance is the best-equipped to handle type checking because it supports inheritance (e.g. an instance of a derived class is an instance of a base class, too). Therefore  isinstance should be used [...]

Truncate tables compromise backups

Production RiskSoftware ResiliencyCode Reliability Truncate tables compromise backups This code insight detects the total number of database objects containing code: SP, Functions, and Triggers.  Why you should care Although "truncate table" statement can be desirable under some circumstances from a performance point of view it is problematic because deletion are not logged. Thus the log [...]

The code contains too many includes.

InnovationSoftware EleganceCode Complexity The code contains too many includes. This code insight lists all Abap Programs using too many Includes. It provides the following information: Abap Program fullname, number of Includes  Why you should care High number of Includes decreases the visibility in terms of data definitions and processes. Program maintenance will become difficult. Business [...]

Nested Loops cause performance issues

Software EleganceCode Complexity Why you should care If the amount of data is large, nested loops are fully avoided due to performance issues. If the program is extracting small amount of data, then focus on SELECT statements than nested loops. The indexed loop and READ statement using binary search are the best methods to avoid [...]

Explicit Option makes declaring variables easier

Software ResiliencyCode Reliability Why you should care VB has specific behavior that enable the developer to use variables even if these variables have not been previously declared and typed. However, it is possible to avoid this default behavior using the Option Explicit : in this case, all variables will require a declaration prior use. This [...]

Crossing the Parameter limit can cause bugs

Software EleganceCode Complexity Why you should care Parameters are used to pass data between a stored procedure and the batch or script. It results in executing the stored procedure. Each Parameter has a limit, known as a Parameter limit, which is hard-coded per stored procedure. The Parameter limit, in an SQL server, is 2,100. This [...]

Manage transactions when changing tables

JSPSQLJSP{{ vc_btn:title=Software+Resiliency&style=flat&color=juicy-pink&link=url%3Ahttps%253A%252F%252Fdoc.casthighlight.com%252Fsoftware-resiliency%252F%7C%7C%7C }} {{ vc_btn:title=Code+Reliability&style=flat&color=black&link=url%3Ahttps%253A%252F%252Fdoc.casthighlight.com%252Fcategory%252Fproduct%252Findicators-methodology%252Fcode-insights%252Fsoftware-resiliency%252Fcode-reliability%252F%7C%7C%7C }} Why you should care Every Servlet or JSP exposed to the Internet represents another attack surface and potential failure point. The best solution is to expose only what's necessary under the most restrictive conditions that make sense. It is common to think that internal web applications are deployed where [...]

Avoid classes using incorrect dynamic allocation

Avoid classes using incorrect dynamic allocation Software ResiliencyProgramming Best Practices This code insights verifies classes that don't use dynamic allocation correctly, i.e. without constructors by copy or without allocation operator. Depending on the density of occurrences and specific thresholds, Highlight counts penalty points to the scanned file. Why you should care Classes with incorrect dynamic [...]

Avoid classes with missing destructor declarations in header files

Avoid classes with missing destructor declarations in header files Software ResiliencyProgramming Best Practices This code insight verifies in C++ applications if classes in header files (.h) haven't declared destructors. Highlight counts one occurrence for each missing class destructor found in a header file. Why you should care In some cases, missing class destructors can lead to memory leaks, [...]

Avoid macros defining constants

Avoid macros defining constants Software ResiliencyCode Reliability This code insight verifies in C++ applications when macros without parameters define a literal constant. Depending on the density of occurrences and the thresholds set for this code insight, Highlight counts penalty points for the scanned file. Literal constants are numbers, characters or strings (numbers, possibly preceded with . or \, characters [...]

Lack of multiple-inclusion protection in header files

Lack of multiple-inclusion protection in header files   Software ResiliencyProgramming Best Practices This code insight verifies in C++ applications that header files (.h) are protected against multiple inclusion. If a header file is not using the appropriate syntax, Highlight counts an occurrence. Why you should care The basic use of header files is to provide [...]

Too many unconditional branches may end to Spaghetti Code

Too many unconditional branches may end to Spaghetti Code Software ResiliencyProgramming Best Practices This code insight counts the number of unconditional branches (e.g. GOTO, continue, break except if it is at end of a 'case statement'...). Highlight counts penalty points contributing to the Software Resiliency health factor, depending on the density of this pattern you should ideally have in [...]

Using {curly braces} is less error-prone

Using {curly braces} is less error-prone Software ResiliencyProgramming Best Practices This code insight counts the number of missing curly braces in constructs such as functions, loops (while, do, for…) or conditional statements (if, else), except for "else" used within an "else if" statement. Highlight counts penalty points contributing to the Software Resiliency health factor, depending [...]

RETURN should be used to terminate a database query or a stored procedure

Software ResiliencyCode Reliability Why you should care The RETURN statement is useful as it terminates a query, stored procedure or batch. When used in a stored procedure, the RETURN statement specifies an integer value to return to the calling application, batch, or procedure. If no value is specified then the stored procedure returns the value [...]

Avoid using risky patterns too frequently

Software ResiliencyProgramming Best Practices Why you should care Some specific code syntaxes, even if they compile and don't make a software crash directly, are not recommended mainly for two reasons: They're often obscure and/or implicit and could definitely lead to misinterpretations by junior developers, which frequently means unexpected bugs when the code is modified When [...]

Native Dynamic SQL is easier to use than DBMS SQL.

Native Dynamic SQL is easier to use than DBMS SQL. Software ResiliencyProgramming Best Practices This code insight shows that PL/SQL provides two ways to write dynamic SQL: Native dynamic SQL, a PL/SQL language (that is, native) feature for building and executing dynamic SQL statements DBMS_SQL package, an API for building, executing, and describing dynamic SQL [...]

End keyword highlights end of execution

Software AgilityCode Readability Why you should care The END keyword is useful as it terminates a PL/SQL block. This keyword is found at the end of procedures, functions, packages, triggers, blocks or any type of body where an executable action is performed. In other words, it signifies the end of execution of a block. Business [...]

A Return Statement in the middle of a command makes it unreadable

Software ResiliencyProgramming Best Practices Why you should care The RETURN statement is useful as it terminates a query, stored procedure or batch. When used in a stored procedure, the RETURN statement specifies an integer value to return to the calling application, batch, or procedure. If no value is specified then the stored procedure returns the [...]

Mixing DDL & DML operations can cause recompilation

Software EleganceCode Complexity Why you should care Developers do not recommend mixing DDL and DML Operations. They are generally avoided because such mxing can cause a Recompile which results in resetting the code differently and causing a mess in the process. It is recommended to place all DDL statements at the top of the stored [...]

Object Qualification improves readability

Software AgilityCode Readability Why you should care Object Qualification is the process of determining whether a persistent object satisfies a set of specified conditions. It is typically performed as part of a search operation that finds a group of persistent objects based on the values of one or more of their attributes. It is tested [...]

Conditional expressions should not be too complex

Software EleganceCode Complexity Why you should care Having complex conditional expressions in your software might slow down your development team to quickly evaluate if and how the code will be run within these conditions. In addition, if conditions are misunderstood because there are too complex (especially when additional native functions like “!empty” or “!isset” makes [...]

Empty Catches may cause security risks

Software ResiliencyProgramming Best Practices Why you should care Most developers contend that it’s not ideal to have an empty catch block. Empty Catch is the cause of an exception occurring where nothing happens and the program fails. When such an exception occurs, it can be thrown up to the caller, or caught in catch block. [...]

Not all Tag libraries should be imported

Software ResiliencyProgramming Best Practices Why you should care A tag library defines a collection of custom actions. The tags can be used directly by developers in manually coding a JSP page, or automatically by Java development tools. A tag library must be portable between different JSP container implementations. If the tag library is not utilized, [...]

Documentation facilitates Code Maintainability

Software AgilityCode Readability Why you should care Documentation is useful as it helps maintaining and embedding the code well. Undocumented code causes problems in the code by decreasing agility and maintenance reduction. Business Impacts Documenting code is advised as it allows for the code to be better maintained which frees up the code from potential [...]

Less efficient datatypes cause interchangeability issues

Software ResiliencyProgramming Best Practices Why you should care Every constant, variable, and parameter has a datatype (or type) which specifies a storage format, constraints, and valid range of values. PL/SQL provides a variety of predefined datatypes which tend to be inefficient in nature. It’s recommended to use efficient practices over inefficient types to ensure the [...]

Comparison operators compare values

Software ResiliencyProgramming Best Practices Why you should care This is important since Javascript has comparison operators such as “regular equality” (==) and “is not equal to” (!=) which compares two values (strings, numbers, boolean operands and so forth) for equality. With “regular equality”, two values are set to identical after being converted to a common [...]

eval() evaluates statements

Software ResiliencyCode Reliability Why you should care Eval() is a function property of the global object. The argument of the of the eval() function is a string. If the string represents an expression, eval() evaluates the expression. If the argument represents one or more JavaScript statements, eval() evaluates the statements. Do not use eval() to [...]

Local variables allows variables to be relegated to a function

Software AgilityCode Readability Why you should care Local Variables occurs when a typeset statement is used inside a function definition and the respective variables involved all become ‘local’ to that function (in addition to any properties that may take on as a result of typeset options.) The ability to define variables that are local to [...]

Avoid dangerous types

C/C++ (MISRA)PL/SQLC/C++ (MISRA)Software ResiliencyCode Reliability Why you should care The basic numerical types of char, int short, long, float, double, and long double should not be used directly to declare variable. This is because their storage size is machine dependent, and so for portability consideration, specific-lengths typedefs types should be used instead. Example of usefull [...]

SELECT clauses with many columns tend to be complex in nature.

Software EleganceCode Complexity Why you should care Artifacts with a SELECT clause tend to be complex in nature as SELECT clauses with many clauses are difficult to read and does not help the reader in identifying the columns that can be retrieved. Also a query that retrieves many columns can potentially cause performance problems as [...]

Deprecated features makes code less resilient

Software ResiliencyProgramming Best Practices Why you should care Deprecated features are usable but should not be used because they are expected to be removed entirely in the near-future and placing them in the code can cause potential bugs and be less resilient. Business Impacts Deprecated features are considered to be highly risky and unproductive in [...]

File Naming Convention (FNC) helps in organization

Software AgilityCode Readability Why you should care File Naming Convention helps one stay organized by making it easy to identify the file(s) that contain the information from its title and by grouping files that contain similar information close together. It also helps others better understand and navigate through one’s code. Business Impacts File Naming Convention [...]

Specify precision otherwise error occurs

Software ResiliencyCode Reliability Why you should care Specify precision which is the total number of digits, and scale, which is the number of digits to the right of the decimal point. The range of a Char variable is from 1 to 32767 bytes. When the expression falls outside this range, it is no longer precise [...]

The first line activates the KSH interpreter

Software ResiliencyProgramming Best Practices Why you should care The first line is useful as it tells the OS what interpreter to invoke in order to run the script. In this case, the interpreter is the KSH interpreter. Without this line, the KSH interpreter cannot used to run this script. Business Impacts The first line in [...]

Variable declaration creates an instance in the class

Software ResiliencyProgramming Best Practices Why you should care It is important to remember that KSH uses variables and parameters to store values.  It also supports data types and arrays.  The four data types KSH supports include string, integer, float and array.  If a data type is not defined then KSH assumes the variable is a string. Usually KSH [...]

Symmetrical listing allows for better understanding and bug prevention

Software AgilityCode Readability Why you should care It is recommended to have the list be symmetrical as it allows for the code to be readable and understandable by the user as well allow for increased efficiency and accessibility. It also helps prevent possible bugs and crashes. Business Impacts It is advised to give careful attention [...]

Correct indentation allows for better understanding and bug prevention

Software AgilityCode Readability Why you should care It is recommended to correctly indent the lines as it allows for the code to be readable and understandable by the user as well allow for increased efficiency and accessibility. It also helps prevent possible bugs and crashes. Business Impacts Ensuring that lines are properly indented allows for [...]

Short local variables could lead to bugs and misinformation

Software AgilityCode Readability Why you should care It is recommended to ensure local variables not short as it allows for the code to be readable and understandable by the user as well as allow for increased efficiency and accessibility. It also helps prevent possible bugs and crashes Business Impacts Managing the length local variables allows [...]

Avoid Backslash to continue command

Software AgilityCode Readability Why you should care With line-oriented text, the backslash is used at the end of a line to indicate that the trailing newline character is to be ignored. In other words, with the backslash, the following line belongs on the same line as the line prior. As in they are both on [...]

HTML comments do not add to user-friendliness

Software AgilityEmbedded Documentation Why you should care Adding comments to the HTML code generally provides assistance to the developer but provides little practical use to the client as it does not increase user-friendliness since having commentaries on the source page could be a bit unnecessary. Business Impacts It is recommended to avoid Incorporating HTML comments [...]

Pipes are an inefficient way of dealing with commands

Software ResiliencyProgramming Best Practices Why you should care Pipes take the output of one command and put it on the input of another command. They can also be strung together. This way, one can find matches in a particular pattern in their name AND have a particular IP address range. However the disadvantage is that [...]

Too many pipe commands cause inefficiency

Software ResiliencyProgramming Best Practices Why you should care Having too many pipe commands could result in code inefficiency as well as possible entry of bugs and crashes in the code due to increased stringing and redirections as a result. Business Impacts Using pipes in a program can be a risky decision as it tends to [...]

CASE is better to understand than DECODE

Software ResiliencyProgramming Best Practices Why you should care The DECODE function belongs to PLSQL and has the functionality of an IF-THEN statement. It’s syntax is as follows DECODE( expression , search , result [, search , result]…[, default] ) expression – The value to compare search – The value is compared against expression result – [...]

Javabeans & Tags are useful in JSP as they encapsulate

Software ResiliencyProgramming Best Practices Why you should care It is recommended to use Javabeans and tags as Java Beans are good general-purpose objects that encapsulate information and states in a portable setting while allowing for its’ properties, events and methods can be controlled as they are exposed to an application builder tool. JSP tags are [...]

Short code identifiers worsens collaboration

Software AgilityEmbedded Documentation Why you should care Short identifiers were in existence as early variable mnemonics were limited to as few as six to eight characters leading to many developers abbreviating concepts in their variable names. However, in the past thiry years since 2009, there has been a steady increase in permitted name length and [...]

Empty Catches cause code errors & unreliability

Software ResiliencyProgramming Best Practices Why you should care When an exception occurs during programming, it is usually caught in a catch block. Empty catch is when an exception occurs but the program fails because nothing occurs. As a result, they are a common source for obtaining errors in the code, and then executing these errors. [...]

GoTo is primitive & outside one’s control

Software ResiliencyProgramming Best Practices Why you should care The GOTO statement branches unconditionally to a statement label or block label. The label must be uniqe within its scope and precede an executable statement. The issues with GoTo however is its repetitive and superflous nature. It also enlongates the conceptual phase between the static prgram and [...]

Semicolon is used to terminate statement

Software ResiliencyCode Reliability Why you should care Semicolons are utilized in PLSQL to terminate a statement. Without it the statement is not terminated and sends back an error. Business Impacts Semicolons are essential to any code that runs a working program. Without it, the code does not work. Production Risk CAST Recommendations References http://www.toadworld.com/platforms/oracle/w/wiki/1767.plsql-semicolon-delimiter-plf4Style Guide [...]

Untrusted data can be prevented by validation

Software ResiliencyCode Reliability Why you should care Transactions are vital in SQL as one of them is the representation of one or more changes to the database. For instance, anytime a record is created, updated or deleted in the database, a transaction is performed in that database. Therefore, it is recommended to manage transactions as [...]

EXIT closes the entire script

Software EleganceCode Complexity Why you should care EXIT instruction is designed to exit the entire script hence the purpose of having only one instruction at a time. EXIT instruction has the capability of causing some of the script to be unread if placed incorrectly. As a result, the script will have compilation errors. Business Impacts [...]

Care must be taken while selecting a Candidate key as Primary

Software ResiliencyProgramming Best Practices Why you should care Candidate Key can be any column or a combination of columns that can qualify as a unique key in the database. There can be multiple Candidate keys in one table. Each candidate key can qualify as Primary Key. Primary Key is a column or combination of columns [...]

Exported Variables are global in scope and store values

Software AgilityCode Readability Why you should care Variables and parameters are used by the Korn shell to store values. The Korn shell supports data types and arrays. The Variables are global in scope and begin with an alphabetic or underscore character followed by one or more alphanumeric or underscore characters. Other variables include digits (0 [...]

Multiple instructions on the same line decreases code readability.

Software AgilityCode Readability Why you should care Having multiple instructions on one line of code remarkably decreases readability of the code as well as making it tougher to understand, and execute, causing it to be more susceptible to bugs in the long run. Business Impacts It is recommended to have reduce the number of instructions [...]

JSP can handle exceptions

Software ResiliencyCode Reliability Why you should care When writing a JSP code, coding errors can happen at any part of the code. When an error occurs, the file cannot be found causing an exception. Such exceptions included are Checked exceptions, Runtime exceptions, Errors. JSP provides ways to handle exceptions such as specifying Error Page for [...]

Conditional comments are designed exclusively for IE

Software ResiliencyCode Reliability Why you should care Conditional Comments are designed exclusively for Internet Explorer (IE), and hence they operate greatly in that specific browser as these comments are suited to give special instructions that are only meant for IE. As a result, conditional comments are considered a hindrance when run in a browser, other [...]

Background processes are created by KSH

Software ResiliencyCode Reliability Why you should care Background processes occur behind the scenes without user intervention. They can be considered unwanted and slow down the software that is running and is of main priority to the user. Background processes occur as KSH is capable of providing a facility to control and run job in the [...]

A static or unqualified import is harmful to readability.

Software ResiliencyProgramming Best Practices Why you should care A static or unqualified report is found in the JSP which is analogous to normal import declaration. The report is unqualified after adding a star(*) at the end of the import statement. However the issue with the unqualified report is that they make one’s program unreadable impacting [...]

EXIT without parameters cause issues in the script

Software ResiliencyCode Reliability Why you should care The KSH script starts at the first and essentially ends when the code encounters an “exit” or the last line. When exiting a code without parameters, it causes the code to become unreliable and cause errors that tend to become unmanageable. Business Impacts It is recommended to have [...]

If & else statements can be taxing for the CPU

Software ResiliencyProgramming Best Practices Why you should care If and else statements are considered to be time consuming in nature as they tend to be repetitive in order to execute the code properly which causes is not ideal for a programmer and can also be considered taxing for the CPU. Business Impacts While if and [...]

Multiple lines makes code harder to read

Software ResiliencyProgramming Best Practices Why you should care Having multiple lines as one line of code remarkably decreases readability of the code. This makes the source code tougher to understand, and execute, causing it to more error prone and susceptible to bugs in the near-future. Business Impacts Combining multiple lines of code on one line [...]

Artifacts and Subqueries decrease code agility

Software AgilityCode Readability Why you should care Having Complex queries in SQL Artifacts lead to causing performance problems and decrease in code agility. Subqueries are considered to be complicated in nature. Business Impacts Complex queries are not recommended as they reduce code agility thereby increasing costs. Cost CAST Recommendations Subqueries are generally considered fine unless [...]

$$ creates unique temporary filenames

Software ResiliencyCode Reliability Why you should care $$ is used to making temporary names with the process ID in KSH. It allows for the name to be unique to the process. Business Impacts $$ prevents risks and is helpful in making KSH code more productive by giving it more uniqueness. Production Risk CAST Recommendations References [...]

CASE cannot be an instruction without a WHEN clause

Software ResiliencyProgramming Best Practices Why you should care The PLSQL CASE has similar functionality of an IF-THEN-ELSE statement. The CASE statement evaluates a single expression and expresses it against several potential values or evaluates Boolean Values while choosing the first one that is TRUE. WHEN clauses are executed in order. WHEN clauses is executed only [...]

Double semicolon is required for a bash syntax to correctly parse the command

Software ResiliencyCode Reliability Why you should care A simple semicolon is used to end the items of structures, signatures and objects as these semicolons are considered mandatory. The double semicolon is also useful as it leaves no ambiguity in the code. It is required as it is used at the end of each clause as [...]

Multiple packages in the same file have multiple references can cause agility issues

Software AgilityCode Readability Why you should care A package is a schema object that groups logically related PL/SQL types, variables, and subprograms. They usually have a specification (spec) and a body. The spec is the package’s interface which declares the types, variables, constants, exceptions, cursors, and subprograms which are referenced from outside the package. Although [...]

CompareTo Empty is unreliable as it tests reference equality, not object equality

Software ResiliencyCode Reliability Why you should care Using a CompareTo Empty string is considered unreliable as it tests reference equality and not object equality. Generally when programming, one cannot entirely rely on reference equality as it tends to be inaccurate and unreliable which is not ideal for the code. Business Impacts It is recommended to [...]

Javascript in HTML can be unreadable and cause reliability issues

Software ResiliencyCode Reliability Why you should care Including JavaScript files in HTML is not ideal as some browsers cannot read an external Javascript file and usually renders it completely blank. It usually requires importing a Jquery. Having Javascript files be unreadable in HTML can cause reliability issues. Business Impacts It is recommended to avoid JavaScript [...]

JSP standard is XML-compliant but certain elements cannot be mixed causing agility issues

Software AgilityCode Readability Why you should care Mixing JSP standard syntax and JSP XML syntax is considered somewhat common as much of the standard JSP syntax is already XML-compliant including all the standard actions. However there are certain elements that are not compliant with an XML syntax. Such elements include Comments where Standard Syntax comments [...]

Group Use declarations help cut verbosity in the code

Software AgilityCode Readability Why you should care Group use declarations are used to cut verbiosity when importing multiple entities from a common nameplace. These declarations help make it easier to identify multiple imported entities belong to the same module. It helps improve readability, allow for the code to be less complicated and less error prone [...]

Commenting on setProperty() method allows for software to be resilient

Software ResiliencyCode Reliability Why you should care setProperty() method interface sets a new value for a property on a CSS declaration object. Without commenting on the setProperty() method, it is left ambigous which is not ideal for good programming practice causing reliability issues which can result in an error prone software. Business Impacts It is [...]

Aliases can complicate and hide commands that hamper resiliency

Software ResiliencyCode Reliability Why you should care An Alias is an alternative name or reference that can be defined in a T-SQL statement for use within that statement. They are not stored by the SQL server permanently. Usually they are one or two characters long and are not required in any part of the statement. [...]

CDATA is an XML construct which can only be read by JSP

Software ResiliencyProgramming Best Practices Why you should care CDATA stands for character Data and is an XML construct. It lies in between these strings which include data that could mistakenly be interpreted as XML markup. It has no meaning in HTML as it is ignored by the parser. However, it is not ignored by Javascript [...]

Illegal exception occurs when user declares a standard exception.

Software ResiliencyCode Reliability Why you should care In PLSQL, an exception is a warning or a type of error condition. They can internally defined (by the run-time system) or user defined. An illegal exception occurs when a standard exception is declared by the user because such expressions are declared by PLSQL. Having illegal expressions in [...]

Incomplete JSP fragments can cause readability errors.

Software ResiliencyProgramming Best Practices Why you should care JSP fragments are a portion of a JSP code passed to a tag handler so it can be invoked as many times as required. They can be considered as a template that is used by a tag handler to produce customized content. A fragment attribute is evaluated [...]

Declaring errors prevents security risks

Software ResiliencyProgramming Best Practices Why you should care Exception handling is the process in JSP to handle runtime errors. Any number of exceptions can arise when JSP page is executed. Without defining or declaring the errors, the error is not undeclared and is left unverified causing it have security risks and flawed resiliency which is [...]

Using {curly braces} is less error-prone

Using {curly braces} is less error-prone Software ResiliencyProgramming Best Practices This code insight counts the number of missing curly braces in constructs such as functions, loops (while, do, for…) or conditional statements (if, else), except for "else" used within an "else if" statement. Highlight counts penalty points contributing to the Software Resiliency health factor, depending [...]

Switch statements should have a default case specified

Switch statements should have a default case specified Software ResiliencyProgramming Best Practices This code insight verifies the ratio between the number of switch statements with missing default cases specified and the total number of switch statements found in the source code. Depending on this ratio and thresholds CAST has defined, Highlight counts penalty points for [...]

Database columns, functions, triggers and procedures should be commented

Database columns, functions, triggers and procedures should be commented Software AgilityEmbedded Documentation This code insight counts the number of function parameters, triggers, procedures and database columns (on CREATE TABLE) that are not commented. Based on specific thresholds CAST has defined, Highlight counts penalty points to the scanned file. Why you should care Making sure your [...]

Avoid exposing too many attributes

Avoid exposing too many public class fields Software ResiliencyProgramming Best Practices This code insight counts the number of cases when an attribute is directly exposed outside a class (more explicitly when the keyword "public" is associated with a data field of the class). Based on the density and on specific thresholds CAST has defined, Highlight [...]

Avoid using functions before their declaration

Avoid using functions before their declaration Software AgilityCode Readability This code insight counts the number of cases when functions are called prior to their definition in the source code. Based on the density of this bad practice and on specific thresholds CAST has defined, Highlight counts penalty points for the scanned file. Pattern example (here, [...]

Avoid repetitive access to nested members

Software ResiliencyProgramming Best Practices Why you should care As explained by W3C: “Accessing the DOM in browsers is an expensive thing to do. The DOM is a very complex API and rendering in browsers can take up a lot of time. You can see this when running complex web applications when your computer is already [...]

Code should be stripped out of suspicious comments

Code should be stripped out of suspicious comments (e.g. todo, tbd, tbc, etc.) Software AgilityEmbedded Documentation This code insight counts the number of occurences where suspicious keywords are found in comments. Based on the number of cases and associated with specific thresholds CAST has defined, Highlight counts penalty points to the scanned file. Keywords that [...]

Semicolons seem to be missing too frequently

Semicolons seem to be missing too frequently Software ResiliencyCode Reliability This code insight verifies that semicolons are not missing too frequently. Depending on the calculated density and based on thresholds CAST has defined by analyzing hundreds of Javascript projects, Highlight counts penalty points to the scanned file. Why you should care Although Javascript provides more [...]

Structural code complexity may be too high

Structural code complexity may be too high Software EleganceCode Complexity This code insight - derived from Tom McCabe's Cyclomatic Complexity - estimates the level of strutural complexity of a piece of source code by counting and summing the total number of logical conditions (if, while, for, case, default), functions and methods. Depending on specific thresholds [...]

The code contains too many lines containing several instructions

The code contains too many lines containing several instructions Software AgilityCode Readability This code insights verifies that the source code doesn't contain multiple instructions in a single line. Depending on the density of cases of multiple instructions per line of code, and based on specific threshods, Highlight counts penalty points for the scanned file. The [...]

Method parameters should have their description tag

Software AgilityEmbedded Documentation Why you should care Ensuring your application source code is well-documented is a no brainer and an undisputed good programming practice. And since applications are now more and more exposed to a technical audience through APIs, the level and quality of the technical documentation is a key differentiator that could make your [...]

A line of code shouldn’t be too long (to help readability)

A line of code shouldn't be too long (to help readability) Software AgilityCode Readability This code insight counts the number of characters for each line of code and verifies that an application doesn't globally contain too many long lines. Depending on thresholds defined by CAST based on its expertise and experience in measuring software, Highlight [...]

Code indentation, line, and character encoding formats should be consistent

Code indentation, line, and character encoding formats should be consistent Software AgilityCode Readability This code insights detects when different code formatting styles are heterogeneous (CRLF, CR or LF for new line formatting, full spaces, tab spaces ... for identations, UTF8, Windows-1252 … for character encoding). Depending on the number of different styles used within a [...]

Attribute, classes and methods should follow a naming convention

Software AgilityCode Readability Why you should care You may think naming conventions are purely cosmetic, and you’re not completely wrong. However, this is a signature of a mature development team who writes good software. If theses simple rules are not applied, what about the rest? Like in English where a sentence starts with a capital [...]

Avoid literal numbers (i.e. Magic numbers are not so magic)

Software ResiliencyProgramming Best Practices Why you should care A magic number is a direct usage of a number in the code (e.g. “if($foo > 65)”) which refers to a specific value that can’t be easily understood by just reading it. Using too many magic numbers can lead to these types of issues: – Confusing: the [...]

Too many controversial, unsafe or deprecated keywords in procedure divisions

Too many controversial, unsafe or deprecated keywords in procedure divisions Software ResiliencyCode Reliability This code insights looks in COBOL procedure divisions for a list of possible deprecated or controversial keywords and verifies if their usage frequency is abnormaly high. Possible deprecated or controversial keywords Highlight looks at: SELECT, ACCEPT (if not followed by FROM DAY, [...]

Ensure that your main SQL-related code artifacts are documented

Ensure that your main SQL-related code artifacts are documented Software AgilityEmbedded Documentation This code insight counts the number of SQL-related code artifacts (functions, procedures, triggers and view declarations) that are not preceded with a block of comments, and compares that number to the total number of artifacts. Depending on this ratio and based on thresholds [...]

Operators and operands should use appropriate spacing to help readability

Operators and operands should use appropriate spacing to help readability Software AgilityCode Readability This code insights verifies that operators and operands are generally surrounded with spaces for better readability. Depending on thresholds CAST has defined, Highlight counts penalty points for the scanned file if missing spaces are too frequent. Why you should care Itishardertoquicklyunderstandwordsthatarenotseparatedwithspaces, don't [...]

Levels of logic complexity and conditions seem to be unbalanced

Software EleganceCode Complexity Why you should care Managing software complexity is an art of balancing the different natures of complexity that code can exhibit. Ensuring that logical operators are not too frequently complex within logical conditions is one way to help developers spend more time adding new features instead of trying to figure out how [...]

Avoid using “this” unless it points to a newly created object (and tested)

Software ResiliencyCode Reliability Why you should care In some contexts, using the keyword "this" could impact software reliability and lead to unexpected behaviors. More specifically, in a constructor, this is a reference on a new object just created by the new keyword when invoking a constructor. But, if the constructor is not invoked with new [...]

Wildcard imports should not be used too frequently

Wildcard imports should not be used too frequently Software AgilityCode Readability This code insight detects and counts the number of import statements with a wildcard (e.g. "import java.awt.*") and compares with the number of total import occurences found in the code. Why you should care Like in database queries, importing software libraries or packages using [...]

Exceptions shouldn’t be caught with system exception classes

Exceptions shouldn't be caught with system exception classes Software ResiliencyProgramming Best Practices This code insight detects and counts the usage of generic exception catches like catch(…), Exception, Throwable, SystemException, RuntimeException, Error. Based on frequency thresholds CAST has determined by analyzing source code over the last 25 years, Highlight determines whether the usage ratio of these [...]

Avoid Implied Typecasting

Software ResiliencyCode Reliability Why you should care Software development is an exact science and software doesn’t really like having doubts. Some programming languages have different ways to evaluate and compare manipulated information.  In the case of this code insight, a syntax confusion due to an implicit interpretation (e.g. using “==” instead of “===” in Javascript) [...]

Using {curly braces} is less error-prone

Using {curly braces} is less error-prone Software ResiliencyProgramming Best Practices This code insight counts the number of missing curly braces in constructs such as functions, loops (while, do, for…) or conditional statements (if, else), except for "else" used within an "else if" statement. Highlight counts penalty points contributing to the Software Resiliency health factor, depending [...]

Too much commented out code can be counter-productive

Too much commented out code can be counter-productive Software AgilityEmbedded Documentation This code insight counts the number of comment lines that starts with keywords such as if, else, while, foreach, switch, etc. and ends with ";", "{" or "}". Depending on the density of commented out lines compared to total lines of code, Highlight counts [...]

The vocabulary frequency is too low

The code vocabulary frequency may be too low {{ vc_btn:title=SOFTWARE+ELEGANCE&style=flat&color=juicy-pink }} {{ vc_btn:title=CODE+COMPLEXITY&style=outline&color=juicy-pink }} This code insight - a derived metric from Halstead complexity measures - evaluates if a source file has a correct level of keyword variety (i.e. the ratio between the total number of operators/operand and the number of distinct operators/operands). If this [...]

Bulky files are complex to work with

Software EleganceCode Complexity Why you should care Having too large source files could be compared to looking for a needle in a haystack. If developers have to massively scroll down to go to the portion of code they want to fix or to add a new functionality, it costs time and energy. Although there's no [...]

A line of code shouldn’t be too long (to help readability)

Software AgilityCode Readability Why you should care A piece of source code in your software could be compared to a page of a book.  In a book, a human can’t easily read and understand a very long line – it’s all about eye comfort. That’s even more true when reading code, since each keyword could [...]

Ensure the code contains enough block of comments

Ensure the code contains enough block of comments Software AgilityEmbedded Documentation This code insight verifies the ratio between the number of comment blocks and total lines of code instructions (comment, blank and docstring excluded). Depending on the calculated ratio and the technology (by design, some programming languages - keywords, operators, etc. - require less comments [...]

Short code identifiers are harder to understand

Short code identifiers are harder to understand Software AgilityEmbedded Documentation This code insight counts the number of code identifiers (such as class, function, method, attribute names, etc.) whose length is lower than a predefined number of characters for each technology. Depending on the density of these short identifiers vs. all identifiers, Highlight counts penalty points [...]