Indicators & Methodology

Understand what CAST Highlight’s indicators and code insights mean and how to interpret them…

Highlight KPIs

Software Health

Definition Software Health indicated how your application complies with programming best practices that increase resiliency, improve agility and reduce complexity. Software Health score is the straight average of Software Resiliency, Software Agility and Software Elegance scores. Thresholds Thresholds used for Software Health categories: High (green): value > 78.0 Medium (orange): value >= 58.0 Low (red): [...]

Software Elegance

Definition Software Elegance measures the ability to deliver software value with less code complexity. A low Software Elegance score indicates decreased quality in the code resulting in higher defects that become costly to fix at mid-term.   Thresholds Thresholds used for Software Elegance categories: High (green): value > 78.0 Medium (orange): value >= 55.0 Low (red): [...]

Software Resiliency

Definition Software Resiliency indicates programming best practices that make software bullet-proof, more robust and secure. This index is derived through technology-specific code analysis that searches for the presence of code patterns and bad programming practices that may comprise the reliability of the software at short term. Higher is the Software Resiliency, lower is the likelihood [...]

Software Agility

Definition Software Agility indicates the easiness of a development team to understand and maintain an application. This index is derived through technology-specific code analysis that searches for the presence of embedded documentation and code readability good practices.   Thresholds Thresholds used for Software Agility categories: High (green): value > 71.0 Medium (orange): value >= 56.0 Low [...]

ROAR Index

The ROAR (Ranking of Application Risks) index is a composite metric that takes into account the three main Highlight software health factors (Software Resiliency, Software Agility and Software Elegance) with a weighted average formula, balanced with the Business Impact of the application. And that’s probably the most important part of the formula here, since it mixes both technical […]

Business Impact

Definition The Business Impact Index measures the criticality of an application to your company’s business. The index is derived through specific online survey questions concerning application impact on the business. These questions capture key data points such as: number of major releases; volume of end users; and impact of application failure on revenue loss. CAST […]

Software Maintenance Estimates

Definition Based on COCOMO II (Constructive Cost Model - Post Architecture), the Software Maintenance Effort calculated by Highlight estimates the ideal level of effort in order to maintain an application in good operational conditions, expressed in FTE (Full-Time Equivalent). This indicator is derived both from the Software Maintenance survey and the software quality analysis which are [...]

List of Cloud Service Recommendations

Using Software Intelligence, CAST Highlight combines detected code patterns, technologies and OSS components and contextual characteristics of an application to help cloud architects identify the best cloud services to adopt for their custom apps from Cloud vendors. Below is the list of Cloud services from Cloud Service Providers that CAST Highlight supports for recommendations.

Backfired Function Points

Definition Back-Fired Function Points (BFP) estimate the number of function points of an application. This code-derived metric is based on the lines of code, weighted by an abacus for a given technology. The abacus is taken from QSM (Quantitative Software Management).   Example An application is composed of 3 different technologies: Java (100K lines of code) PL/SQL […]

Technical Debt estimates and stats by technology

As detailed in the Indicator & Methodology deck, CAST Highlight leverages software quality measures and statistics provided by the application benchmarking solution CAST Appmarq to estimate the amount and density of technical debt that your application code base may have accumulated across iterations. The table below lists the technical debt statistics per line of code […]

Highlight Code Insights

Over the last 25 years, CAST has leveraged unique knowledge on software quality measurement by analyzing thousands of applications and billions of lines of code. Based on this experience and community standards on programming best practices, Highlight implements hundreds of code insights across 20+ technologies to calculate health factors of a software. Here is a sample.
Software ResiliencySoftware AgilitySoftware Elegance
  • All
  • Acceleration
  • Agile Analytics
  • Agile Analytics
  • Blog
  • Code Complexity
  • Code Insights
  • Code Readability
  • Code Reliability
  • Cost
  • Embedded Documentation
  • Innovation
  • Miscellaneous
  • Programming Best Practices
  • Risk
  • Software Agility
  • Software Elegance
  • Software Resiliency

The code contains too many MOVE instructions with multiple assignments

Software AgilityEmbedded Documentation Why you should care Description coming soon... Business Impacts Description coming soon... CostTime / Effort CAST Recommendations Description coming soon... References Coming soon... How we detect Coming soon... About CAST and Highlight’s Code Insights Over the last 25 years, CAST has leveraged unique knowledge on software quality measurement by analyzing thousands of [...]

Avoid having too many conditions using variables without operators

When a variable without any operators is found within a ‘IF’ condition, in most of cases, it means that the developer wanted to perform some controls on this variable. However, in order to avoid any unexpected behavior during the execution, and depending on the verification type the developer intends to perform (existing/set or empty or true/false or null variable?), it is recommended to use the appropriate method, so that the risk of misinterpretation of the verification is limited.

Avoid using complex operands

This code insight sanctions data accesses in operands having a too high level of indirection. The level of indirection is determined by the path you need to go through in order to get your data from an object (e.g. myObject.a.b.c.myData). Too many occurrences of this pattern generally decreases readability of the code, especially when indirection layer names are not meaningful. It may also reveal a lack of Oriented-Object encapsulation.

Avoid having too many unused variables

Having too many variables that are unused somewhere in your software can make the software consume more memory than it should as the resource is allocated for each declared variable, whether it is use or not during the execution. It also doesn’t help developers get clear view on effectively used variables in a program.

Top Level Functions declaring Too Many Functions is a Risk

Software ResiliencyCode Reliability How we detect Documentation coming soon... Why you should care Documentation coming soon... Business Impacts Documentation coming soon...Production Risk CAST recommendations References About CAST and Highlight’s Code Insights Over the last 25 years, CAST has leveraged unique knowledge on software quality measurement by analyzing thousands of applications and billions of lines of [...]

Spaces between function name and opening parenthesis cause bugs

Software AgilityCode Readability Why you should care There should be no space between the name of a function and the ( (left parenthesis) of its parameter list, unless case of an anonymous literal function. If a function literal is anonymous, there should be one space between the word function and the ( (left parenthesis). If [...]

Builtin instructions are inadvisable because of their risky nature

Software ResiliencyProgramming Best Practices Why you should care Certain built-in commands in VB/VB.net bring about unnecessary reliability risk to applications. This unexpected application or machine behavior occurs a result of awkward/unreliable methods of handling errors and interacting with memory - that includes using pointers, forcing garbage collection, unstructured exception handling etc. Business Impacts The use [...]

Deep functions are a Production Risk in JavaScript

Software ResiliencyProgramming Best Practices Deep functions are a Production Risk in JavaScript This code insight counts one violation each time an artifact (global function or root code) has a too high depth code. Depth is evaluated throught imbrication of following structures : if, do, for, while, case, The depth threshold (max valid depth) is tuned [...]

Suspicious File Usage patterns can be risky

Software ResiliencyCode Reliability Risky catches increase production risks This code insight counts a violation each time in a single cobol source file : a sorted file (SD) is never sorted : an instruction               SD  <SORT-FILE>. is found in DATA DIVISION, but not corresponding               SORT <SORT-FILE> ....... is found in PROCEDURE DIVISION. a file [...]

File Records with no COPY Clause can be risky

Software ResiliencyProgramming Best Practices File Records with no COPY Clause can be risky This code insight count a violation each time a file record has more than one data and is not in a copy clause. Bad: 000130 DATA DIVISION. 000140 FILE SECTION. 000150 FD SALES-FILE 000160       RECORDING MODE IS F. 000170 000180 01 SALES-RECORD. [...]

EVALUATE instructions without default treatment causes Production Risk

Software ResiliencyProgramming Best Practices EVALUATE instructions without default treatment causes Production Risk This code insight counts one violation each time the statement WHEN OTHER is missing for an EVALUATE instruction. Why you should care Each EVALUATE structure should have a WHEN OTHER statement to provide a default treatment in case the program has an unexpected [...]

Multiple JSP Comments can increase costs

Software AgilityEmbedded Documentation Multiple JSP Comments can increase costs This code insight counts one violation each time too consécutive comment blocs are encountered. JSP comments <%-- are concerned as well as java comment /* or // inside a scriptlet. HTML comments are not considered. If two JSP comments are separated by HTML code (not containing [...]

Pure JSP Comments can decrease Costs

CostSoftware AgilityEmbedded Documentation Pure JSP Comments can decrease Costs This code insight counts one violation each time a scriptlet contains only java comments. This includes for example the following patterns : <% /** ... */ %> <% /* ... */ %> <% // ... %> Including cases with several comments: <% /* ... */ /* [...]

Long Lines can decrease Readability

Production RiskSoftware ResiliencyCode Reliability Long Lines can decrease Readability This code insight counts one violation each time a line of the JSP file exceed 80 characters. All lines of the file are concerned, whatever they contain : html, JSP tags, java code, etc ...     Why you should care Long lines will often extend [...]

Good declaration Order in JSP can reduce costs

Production RiskSoftware ResiliencyProgramming Best Practices Good declaration Order in JSP can reduce costs This code insight counts a violation each time a page do not conform to the following declaration layout: a JSP file consists of the following sections in the order they are listed: - Opening comments - JSP page directive(s) - Optional tag [...]

Standard SQL API increases Production Risk in JSP

Production RiskSoftware ResiliencyProgramming Best Practices Standard SQL API increases Production Risk in JSP This code insight counts one violation if there is at least one import directive: <%@ page import = "java.sql.*" %> <%@ page import = "javax.sql.*" %>     Why you should care Standard SQL APIs java.sql.* and javax.sql.* are symptoms of direct [...]

TLD Headers can reduce Production Risks

Production RiskSoftware ResiliencyProgramming Best Practices TLD Headers can reduce Production Risks This code insight counts one violation each time a TLD header do not contains: the xml version, the xml encoding the DOCTYPE statement   Why you should care A tag library descriptor (TLD) file must have a header section including the definition of the [...]

Bad attribute names can increase costs

CostSoftware AgilityEmbedded Documentation Bad attribute names can increase costs This code insight counts one violation each time the name do not complies with: [a-z_][a-z0-9_]*$ underscore allowed lowercase Why you should care The name of the class attribute does match the naming convention. This error is a stylistic warning. The code will execute. But you can [...]

Bad method names can increase costs

CostSoftware AgilityEmbedded Documentation Bad method names can increase costs This code insight counts one violation each time the name do not complies with: [a-z_][a-z0-9_]$ underscore allowed lowercase Why you should care The name of the method does match the naming convention. This error is a stylistic warning. The code will execute. But you can improve [...]

Bad function names can increase costs

CostSoftware AgilityEmbedded Documentation Bad function names can increase costs This code insight counts one violation each time the name do not complies with: [a-z_][a-z0-9_]{2,}$ underscore allowed lowercase Why you should care The name of the function does match the naming convention. This error is a stylistic warning. The code will execute. But you can improve [...]

Bad class names can increase costs

CostSoftware AgilityEmbedded Documentation Bad class names can increase costs This code insight counts one violation each time the name do not complies with: [A-Z_][a-zA-Z0-9]*$ underscore as prefix only first letter words capitalized Why you should care The name of the class does match the naming convention. This error is a stylistic warning. The code will [...]

Bad variable names can increase costs

CostSoftware AgilityEmbedded Documentation Bad variable names can increase costs This code insight counts one violation each time the name do not complies with: Constants (([A-Z_][A-Z0-9_]*)|(__.*__)) underscore allowed upercase anything delimited with double underscore Note : a constant is an identifier that is assigned at only one time in a function, method or global scope, with [...]

Short functions and identifiers increase costs

Software AgilityEmbedded Documentation Why you should care Developers tend to shorten the text required for writing code to save time and get it running. However, using short, nondescript function/variable names increases the need for excessive commenting and makes it more difficult for developers to collaborate and understand each other’s code. It also can be a [...]

Break Statements helps reduce production risk

Production RiskSoftware ResiliencyProgramming Best Practices Break Statements helps reduce Production Risk This code insight counts one violation each time a loop with a else clause do not contains any break or return statement. bad def contains_magic_number(list, magic_number): for i in list: if i == magic_number: print "This list contains the magic number." else: print "This [...]

Magic Numbers are a Production Risk

Production RiskSoftware ResiliencyProgramming Best Practices Magic Numbers are a Production Risk This code insight counts one violation each time a litteral numeric constant is encountered, that is not assigned to a constant. interger : (0|0[xX])?[0123456789ABCDEF]+([lL]? decimal : ([0-9]*\.[0-9]+|[0-9]+\.) real : [0-9]+[eE][+-]?[0-9]+ exception  one digit integer 0.0, .0, 0. 1.0 Note : a constant is a [...]

Local variables can slow Innovation

InnovationSoftware EleganceCode Complexity Local variables can slow Innovation This code insight shows that Option 2 should be implemented in Highlight. option 1: Count one violation each time a function a more than <TBD> local variables. options 2: Compute the average : total number of global variables compared to total number of functions/methods in the whole [...]

% operator to format string can cause production risk

Production RiskSoftware ResiliencyProgramming Best Practices % operator to format string can cause production risk Count one violation each time a string use the % operator. bad print("%s is %s" % ("`$`", "fine")) good print("{0} is {1}, much {1}".format("format", "better")) Why you should care Future python version will promote usage of format(). If possible, prefer using [...]

Whitespaces are a Production Risk

Production RiskSoftware ResiliencyProgramming Best Practices Whitespaces are a Production Risk Count one violation each time a format replacement field contains a whitespace. bad print "{ what} is {how it is}".format({"what": "life", "how it is": "hard"}) # Output: KeyError; the correct key would be ' what' with a leading whitespace print "{ what} is {how it [...]

Prefer single quotes over double quotes for strings, in a consistent way

Software AgilityCode Readability Why you should care Be consistent with your choice of string quote character within a file. Pick ' or " and stick with it. However, in a JavaScript context, the single quote will be preferred in order to have to escape single quotes in strings. Business Impacts Consistency is key is keeping [...]

String concatenation in loop causes production risks

Production RiskSoftware ResiliencyProgramming Best Practices String concatenation in loop causes production risks This code insight counts one violation each time an operator + or += is used with a string parameter inside a loop. Note : the rule is restricted to expression with litteral string. Variable string need semantic to be detected. bad employee_table = [...]

Trailing spaces can increase costs

CostSoftware AgilityCode Readability Missing spaces can increase costs This code insight counts one violation each time a line of code is ended with trailing whitespaces. → search all non-blank lines terminated with one or more spaces that are not inside a comment Why you should care Avoid trailing whitespace anywhere. Because it's usually invisible, it [...]

Missing spaces can increase costs

CostSoftware AgilityCode Readability Missing spaces can increase costs This code insight counts one violation each time : following operators are not surrounder with at least one space: =, += , -=, == , < , > , != , <> , <= , >= , in , not in , is , is not, and , or , not. following elements are not followed by at least one space : comma, semicolon, colon (except slice operator) Why you should care Always [...]

Extraneous whitespaces increase costs

Software AgilityCode Readability Why you should care Avoid extraneous whitespace in the following situations: Immediately inside parentheses, brackets or braces. Yes: spam(ham[1], {eggs: 2}) No: spam( ham[ 1 ], { eggs: 2 } ) Immediately before a: comma semicolon colon (except when using as slice operator) Yes: if x == 4: print x, y; x, [...]

Java-Style getters and setters can increase production risks

Production RiskSoftware ResiliencyProgramming Best Practices Java-Style getters and setters can increase production risks This code insight counts one violation each time a class define getter or setter (one of then or both) for a given member. If the implementation of the class contain the following pattern: self.<member> then a violation will be counted if the [...]

Alias agreement for imports can reduce costs

CostSoftware AgilityCode Readability Alias agreement for imports can reduce costs This code insight counts one violation each time a one of the following library is not imported with the conventionnal alias. Library -> Alias numpy -> np scipy -> sp pandas -> pd matplotlib -> mpl matplotlib.pyplot -> plt seaborn -> sns datetime -> dt [...]

Wildcard(*) imports can increase production risks.

Production RiskSoftware ResiliencyProgramming Best Practices Wildcard(*) imports can increase production risks. This code insight counts one violation each time a wildcard import is used. Violations pattern is: import * from xxx import * Why you should care In general, import statements should be as specific as possible and you should only import what you need. [...]

Multiple imports on the same line can increase costs

CostSoftware AgilityCode Readability Multiple imports on the same line can increase costs This code insight counts one violation if an "import" not preceded by a "from" contains several arguments. bad import os, sys good import os import sys from xxx import a, b Why you should care Imports should usually be on separate lines, e.g.: [...]

Methods with too many parameters can be complex

Software EleganceCode Complexity Why you should care For developers, it is important to consider that having too many arguments tends make the function excessively complex.  This increases development time as it becomes more difficult for others to use, and understand the offending sections of code. Business Impacts Having too many parameters makes it difficult for [...]

Illegal exceptions can cause Production Risks

Software ResiliencyCode Resiliency Risky catches increase production risks This code insight counts one violation each time a class whose name is ending with Exception or Error is not derived from another class whose name is ending with Exception or Error, excluding BaseException. bad class MyException(object): def __init__(self, code, message): self.code = code self.message = message [...]

Handling Exceptions should be explicit

Software ResiliencyProgramming Best Practices How we detect This code insight counts one violation each time : an except instruction is immediately followed by a colon, i.e does not specify any exception class name (case of a bare except). an except instruction is catching the BaseException class an "except Exception:" is in first position or not [...]

Using “is” for anything but singleton can increase costs

CostSoftware AgilityCode Readability Using "is" for anything but singleton can increase costs Count one violation each time one of the operand of is (or is not) is not None, True or False. Why you should care Testing the identity of two objects can be achieved in python with a special operator called  is. Most prominently [...]

‘Not…is’ syntax can be unreadable

CostSoftware AgilityCode Readability 'Not...is' syntax can be unreadable Count one violation each time the not ... is syntax is encountered. bad some_list = None if not some_list is None: do_something() good some_list = None if some_list is not None: do_something() Note: there is no violation if the operators "and", "or", && or || are between [...]

Explicit comparison to singleton can be unreadable

CostSoftware AgilityCode Readability Explicit comparison to singleton can be unreadable This code insight count one violation each time a condition use an explicit comparison to "none", "false" or "true" (using operators == or !=). Bad: if number == None: print("This works, but is not the preferred PEP 8 pattern") if number ! = None : [...]

Suspicious Comments can increase costs due to their suspicious nature

Software AgilityEmbedded Documentation Why you should care Avoid (in production code) comments that reveals that the code could not be finalized or not mature. Business Impacts It is recommended to avoid these in order to ensure the code is more readable and cost effective. Cost CAST Recommendations References Style Guide How we detect Count one [...]

Low commented code rates increase time and effort

Software AgilityEmbedded Documentation Why you should care Commented code lines rate is the percentage of lines of codes that are preceded with at least one line of comment. Comments are essential in every programming language for summarizing, communicating and clarifying sections of code - in order to assist others working on an application. Low commented [...]

Inline comments can increase costs

CostSoftware AgilityEmbedded Documentation Inline comments can increase costs Count one violation each time an instruction statement is followed by a comment on the same line. bad : x = y + z # This is a trailing comment that can become hard to read. good: # A comment before the actual code, is better readable [...]

Uncommented functions or methods increase costs

CostSoftware AgilityEmbedded Documentation Uncommented functions or methods increase costs Count one violation each time a function or method do not have a docstring as first instruction: bad : def area (width, height) : return width * height good: def area (width, height) : """ Returns the area of a rectangle. """ return width * height [...]

Uncommented Classes increase costs

CostSoftware AgilityEmbedded Documentation Uncommented Classes increase costs Count one violation each time a class do not have a docstring as first instruction: bad : class CustomException (Exception) : def __init__ (self, msg, code) : self.msg = msg self.code = code good: class CustomException (Exception) : """Raise when some custom event did not occur.""" def __init__ [...]

Nested loops can slow down innovation

InnovationSoftware EleganceCode Complexity Nested loops can slow down innovation This code insight establishes that functions, procedures and triggers should not have too many parameters. Depending on thresholds observed in the benchmark of thousands of applications and billions lines of code, Highlight accounts penalty points to the given scanned files. Why you should care Business Impacts Complex [...]

Too many nested Loops decreases innovation

InnovationSoftware EleganceCode Complexity Too many nested Loops decreases innovation Count number of loops inside another loop.     Why you should care   Business Impacts Complex code can slow down Innovation Innovation CAST recommendations References About CAST and Highlight’s Code Insights Over the last 25 years, CAST has leveraged unique knowledge on software quality measurement [...]

Declaring too many functions can make Javascript code complex

Software EleganceCode Complexity Why you should care A JavaScript file should not declare an excessive number of functions since a higher number of functionalities declared in a module increase the complexity of this module and slows down the effectiveness of the code. Too many functions can also lead to bigger file sizes which leads to reduced [...]

Too many classes without same name as file name can increase costs

CostSoftware AgilityCode Readability Too many classes without same name as file name can increase costs This code insight searches all the classes not having the same name as the file. Why you should care Having the naming conventions make the source code more easy to ready and so to maintain.  Try to reduce the number [...]

Too many elseif statements increases costs

CostSoftware AgilityCode Readability Too many elseif statements increases costs This code insight searches all the Functions and Methods  having an Elseif statements. Why you should care For the readability reasons else and if should be used instead of ElseIf.  Try to reduce the number of Functions and Methods having elIf statement and review the source [...]

Inconsistencies in @throws tags can increase costs

CostSoftware AgilityCode Readability Inconsistencies in @throws tags can increase costs This code insight searches all the function that throws functions without having a @throws tag. Verifies : 1 - that a @throws tag exists for a function that throws exceptions. 2 - the number of @throw tags and the number of throw tokens matches. 3 [...]

Missing comments can increase costs in PHP

CostSoftware AgilityEmbedded Documentation Missing comments can increase costs in PHP This code insight searches all the File not respecting the nameing convention. Functions, interfaces and classes closing bracket should be commented. Search for corresponding comment pattern : // end class // end interface // end method xxx() Why you should care For correctness reasons, the [...]

Increment/Decrement Operators can increase costs

CostSoftware AgilityCode Readability Increment/Decrement Operators can increase costs This code insight searches all the artifacts having increment/decrement operators. Increment and decrement operators 1) cannot be used in an arithmetic operation. Ex of violation : $id = --$i - $x; 2) must be bracketed when used in string concatenation. Ex of violation : $id = $id.'_'.$i++;    [...]

Unused function parameters can make code unreadable

This code insight searches all the Function and Methods having unused parameters.
Review the source code in order to try to reduce the number of Functions
and Methods having unused parameters.

Ternary operators in Java can make code unreadable

CostSoftware AgilityCode Readability Ternary operators in Java can make code unreadable This code insight counts one violation each time a ternary operator is encountered. Note : Do not confuse with question mark used as wildcard for unknow generic type. bad String data = (str.contains("A") ? "Str contains 'A'" : "Str doesn't contains 'A'"); good void [...]

Having too many class definitions in Java can be unreadable

Software AgilityCode Readability Having too many class definitions in Java can be unreadable This code insight counts one violation each time a ternary operator is encountered. Note : Do not confuse with question mark used as wildcard for unknow generic type. bad String data = (str.contains("A") ? "Str contains 'A'" : "Str doesn't contains 'A'"); [...]

Too many uses of ternary operators can increase costs

CostSoftware AgilityCode Readability Too many uses of ternary operators can increase costs Count one violation each time the operator (... ? ... : ...) is used. Grep "?" character except in java when it is involved in a wildcard notation (<?) of generic types. Example : are excluded "List<?>" or "List<? extends T> Why you [...]

Too many class implementations can increase costs

CostSoftware AgilityCode Readability Too many class implementations can increase costs Count the number of distinct classes involved in the scope of implemented methods. ex : MyNamespace::MyClasse1::MyMethods () {...} MyClasse2::MyMethods () {...} Why you should care Business Impacts It is recommended to avoid these in order to ensure the code is more readable and cost effective. [...]

Too many class definitions can cause agility issues

CostSoftware AgilityCode Readability Too many class definitions can cause agility issues This code insight counts number of classes definition pattern : class xxx { template <...> class xxx { Why you should care Business Impacts It is recommended to avoid these in order to ensure the code is more readable and cost effective. Cost CAST [...]

While Loops are more productive than For Loops

Software ResiliencyCode Reliability While Loops are more productive than For Loops This code insight searches all the artifacts having for loops which can be simplified to a while loop. For loops that do not have Init nor Update part : for ( ;cond; ) Remedy - Try to reduce the number of the artifacts having [...]

Constructors with a return value can be unproductive in PHP

Production RiskSoftware ResiliencyCode Reliability Constructors with a return value can be unproductive in PHP This code insight counts a violation each time the script has a constructor with a return value " <?php class foo { function foo(){ $error = ''; // is set when something goes wrong // things that can go wrong return [...]

Having empty statements can be unproductive in PHP

Software ResiliencyCode Reliability Having empty statements can be unproductive in PHP This code insight counts a violation each time an empty statement is detected in PHP <?php statement1 { // comment //Violation } statement2 (conditions) { // comment //Violation } } } Remedy - Modify the source code to reduce the number of artifacts containing [...]

Too many functions with default value parameters are unproductive

Software ResiliencyCode Reliability Too many functions with default value parameters are unproductive This code insight counts a violation each time parameter has a default value "class CastTest { public function addData( $param0, $param1, $param2, $param3, $param4, $param5, $param5, $param6, $param7, $param8, $param9, $param10) { } }" Why you should care Long parameter lists can indicate [...]

Having an assignment to “this” can be unproductive

Production RiskSoftware ResiliencyCode Reliability Having an assignment to "this" can be unproductive This code insight counts a violation each time the PHP script has an assignment to "this" "This report lists all the Classes containing assignements to '$this'. It provides the following information: Class full name." Remedy - Modify the source code and do not [...]

Using “instanceOf” causes Production Risk

Software ResiliencyCode Reliability How we detect This code insight counts a violation each time an "instanceOf" is utilized public final class BadInstanceOf { public static void doSomething(Animal aAnimal){ if (aAnimal instanceof Fish){ Fish fish = (Fish)aAnimal; fish.swim(); } else if (aAnimal instanceof Spider){ Spider spider = (Spider)aAnimal; spider.crawl(); } } // PRIVATE // private static [...]

Switch cases without ending breaks are hard to understand

Software ResiliencyCode Reliability Why you should care Although Switch cases do not require ending breaks after the default statement, It is recommended to end every branch with a return, or break statement, for the following reasons -   Refactorability - Branches ending with break or end can be easily reordered without having their changing their [...]

Too many global variables can be unproductive

Software ResiliencyCode Reliability Why you should care Global variables should be encapsulated in a class and doing so can make code more productive. Business Impacts Production Risk CAST Recommendations References https://stackoverflow.com/questions/9765942/space-after-function-name-is-wrongStyle Guide How we detect This code insight counts a violation each time there are too many global variables int m_iGlobal = 0; void m() [...]

Memory leaks in C++ is a huge production risk

Production RiskSoftware ResiliencyCode Reliability Memory leaks in C++ is a huge production risk This code insight counts a violation each time a Call free or delete to free the memory.  List all locations where a memory allocation is created (malloc/calloc/realloc, new, and std::auto_ptr.release()) that is not freed (using free or delete). void f() { int [...]

Inconditional branches are unproductive in C++

Production RiskSoftware ResiliencyCode Reliability Inconditional branches are unproductive in C++ This code insight Count one violation each time one of the following keywords is encountered : continue, goto, break. Exception : break at end of "case" statements.   Why you should care Inconditional branches can lead to loss of productivity and necessary optimizations in the [...]

Too many classes with missing destructors can be unproductive

Production RiskSoftware ResiliencyCode Reliability Too many classes with missing destructors can be unproductive This code insight counts a violation each time too many classes with missing destructors are detected.   Why you should care Classes with missing destructors can make the code unproductive. Business Impacts Production Risk CAST recommendations References https://www.tutorialspoint.com/sql/sql-transactions.htm About CAST and Highlight’s [...]

Too many classes with missing constructors can be risky

Production RiskSoftware ResiliencyCode Reliability Too many classes with missing constructors can be risky This code insight counts a violation each time C++ has too many classes with missing constructors Why you should care Too many classes with missing constructors can be unproductive. Business Impacts Production Risk CAST recommendations References https://www.tutorialspoint.com/sql/sql-transactions.htm About CAST and Highlight’s Code [...]

Incorrect dynamic class definition can be non-resilient

Production RiskSoftware ResiliencyCode Reliability Incorrect dynamic class definition can be non-resilient This count insight counts a violation in this non-compliant code example, the function A<int>::f2() is ill-formed because int is not a class and does not have a member named x. Clearly the designer of template A did not intend it to be applied to [...]

Macro definitions cause resiliency issues

Production RiskSoftware ResiliencyCode Reliability Macro definitions cause resiliency issues This code insight counts one violation each time a macro without parameters defines a literal constant. Literal constants are number, character or strings : - numbers, possibly preceded with . or \ - characters enclosed with ' - strings, enclosed with ' or " Exemple of [...]

Classes with missing destructor declarations can be unproductive

Production RiskSoftware ResiliencyCode Reliability Classes with missing destructor declarations can be unproductive This code insight highlights a violation when a class has missing destructor declarations class Vehicle { public: Vehicle(); virtual ~Vehicle(); void start(); void stop(); virtual void run(); protected: Engine* theEngine; }; class Car : public Vehicle { public: Car(); ~Car(); // VIOLATION protected: [...]

Single quote strings keeps code consistent and productive

Software ResiliencyCode Reliability Single quote strings keeps code consistent and productive This code insight counts a violation each time a string is enclosed with double quotes, except if the string contains single quotes within double quotes. bad: "it is a bad string" "it is a \"bad\" string" good: "it ' s a good string" var [...]

Array literals are less risky than Array constructors in JavaScript

Software ResiliencyCode Reliability Array literals are less risky than Array constructors in JavaScript This code insight counts one violation each time "new array(...)" is encountered. bad : Length is 3 : var a1 = new Array(x1, 1.2, "string"); Length is 2 : var a2 = new Array(x1, x2); Length is x1 or error if not [...]

Too many “for in” loops is risky

Software ResiliencyCode Reliability Why you should care Since each iteration through the loop results in a property lookup either on the instance or on a prototype, the for-in loop has considerably more overhead per iteration and is therefore slower than the other loops. For the same number of loop iterations, a forin loop can end [...]

Missing Semicolons in JavaScript can be very unproductive

Software AgilityCode Reliability Why you should care Relying on implicit insertion can cause subtle, hard to debug problems. Don’t do it.  There are a couple places where missing semicolons are particularly dangerous: MyClass.prototype.myMethod = function() {     return 42; }  // No semicolon here. (function() {     // Some initialization code     // [...]

Simplified Syntax can be unproductive in KSH

Software ResiliencyCode Reliability Why you should care Using the simplified, but deprecated/discouraged commands in shell scripts can lead to minor unpredictability and less feature flexibility. It is better practice to stick to the established alternatives to these two commands, for readability, consistency and expansion. Why you should care Using certain syntax in shell, like these [...]

Having too much Spaghetti Code can be risky

Software ResiliencyCode Reliability Having too much Spaghetti Code can be risky This code insight counts one violation each time the keywords break and continue are encountered. Why you should care Avoid unstructured jumps introduced by instructions that interrupt the control flow. Business Impacts Production Risk CAST recommendations References https://www.tutorialspoint.com/sql/sql-transactions.htm About CAST and Highlight’s Code Insights [...]

Leaving arguments unchecked hinders progress

Software ResiliencyCode Reliability Why you should care Checking arguments is a critical component of Shell script. The $# variable indicates the number of arguments.  If this variable is improperly implemented, then the arguments are left unchecked which can lead to improper execution and bugs in the code. Business Impacts Leaving arguments unchecked on multiple shell [...]

No explicit EXIT instruction in last statement in KSH can be risky

Production RiskSoftware ResiliencyCode Reliability No explicit EXIT instruction in last statement in KSH can be risky This code insight counts one violation each time the last instruction of the script is not EXIT. Why you should care If no exit is used, the default behaviour is to exit with the return code of the last [...]

Methods as functions tend to be unproductive

Production RiskSoftware ResiliencyCode Reliability Methods as functions tend to be unproductive This code insight counts one violation each time a method : has no @staticmethod decorator and no "self" as first argument has @classmethod decorator and no "cls" as first argument class Rectangle: # should be preceded by @staticmethod here def area(width, height): return width [...]

Explicit return in __init__ is Unproductive

Software ResiliencyCode Reliability Explicit return in __init__ is Unproductive This code insight counts one violation each time a return statement is encountered in a __init__ method. Why you should care __init__ is a special Python method that is automatically called when memory is allocated for a new object. The sole purpose of __init__ is to initialize the values of instance [...]

Magic Methods in Python can be Risky

Production RiskSoftware ResiliencyCode Reliability Magic Methods in Python can be Risky This code insight counts one violation each time a magic method is called, except if it is in the body of a magic method. bad first_names = ["eve", "lisa", "robert", "paul", "alice"] if first_names.__contains__("robert"): print("list of first names contains robert") good example 1 first_names [...]

Having + for list concatenation

Production RiskSoftware ResiliencyCode Reliability Having + for list concatenation This code insight counts one violation each time a "+" operator is involved in list concatenation. Why you should care Extending a list through a reassignment is not recommended since Python offers other solution for that task with significant performance benefits. Business Impacts Production Risk CAST [...]

Long try blocks can cause risk in code

Production RiskSoftware ResiliencyCode Reliability Long try blocks can cause risk in code This code insight computes the integer part of the average size of all "try" block in number of lines of code. For one "try" block, count the number of line of code between the "try" keyword and the first "except" keyword. Example : [...]

Importing naming collisions can cause risks

Production RiskSoftware ResiliencyCode Reliability Importing naming collisions can cause risks This code insight Counts one violation each time a name collision  is encountered: pattern 1: from xxx import yyy from zzz import yyy pattern 2: from xxx import yyy as zzz from aaa import bbb as zzz pattern 3: import yyy as zzz import bbb [...]

Global Variables can easily change module behavior

Production RiskSoftware ResiliencyCode Reliability Global Variables can easily change module behavior This code insight counts one violation each time global variable is declared, unless its name is uppercase. Why you should care Avoid global variables. Variables that are declared at the module level have the potential to change module behavior during the import, because assignments [...]

Empty and Implicit Returns cause resiliency issues.

Production RiskSoftware ResiliencyCode Reliability Empty and Implicit Returns cause resiliency issues. This code insight Counts one violation each time a function has at least one significant return (expression different from nothing, none or false) and in the same time :  at least one empty return OR an implicit return in place of the last statement. [...]

Conflicts in Local / Global Variables can be Unproductive

Software ResiliencyCode Reliability Conflicts in Local / Global Variables can be Unproductive This code insight counts one violation each time a global variable is assigned in a function, because the variable has the same name. In python, variables are created after receiving their first allocation, so with the following pattern : <identifiers> = bad <xxx> = [...]

Unused arguments are quite risky for the code.

Production RiskSoftware ResiliencyCode Reliability Unused arguments are quite risky for the code. This code insight counts one violation each time a function parameter is not used. Why you should care An argument of a function or method is not used in its body. This error is not critical, but considered bad style. Business Impacts   [...]

Always call ancestor to avoid risks in Python code

Production RiskSoftware ResiliencyCode Reliability Always call ancestor to avoid risks in Python code This code insight counts one violation each time an __init__ method is not calling its ancestor. In a class declared like: class childClass (parentClass): ...def __init__(self): ...... The body of the __init__ function should contain the one of the following statements : [...]

Multiple Significant Returns are risky for the code

Production RiskSoftware ResiliencyCode Reliability Multiple Significant Returns are risky for the code This code insight counts one violation each time a function has several meaningful return statements. Meaningful return statements are returning an expression different from <nothing>, None and False. Why you should care When a function grows in complexity it is not uncommon to [...]

Unused imports cause risks in code

Production RiskSoftware ResiliencyCode Reliability Unused imports cause risks in code This code insight counts one violation each time a import is nerver used. Why you should care Usually, when this issue is encountered, it means that you began implementing a module but did not finish it. Other times, you might have refactored a module, but [...]

Unused variables can cause risks in code

Production RiskSoftware ResiliencyCode Reliability This code insight shows that Unused variables can cause risks in code Counts one violation each time local variable is initialized but never used. bad def area(width, height): a = width * height # todo: implement logging using variable a return width * height good def area(width, height): return width * [...]

How is technical debt affecting your compound interest with your customers?

Guest post by Natalie Warnert   By definition, debt is incurred when we get something upfront and pay for it later. My father used to have an anecdote where he’d say, “I’ll gladly pay you Tuesday for a hamburger today” (and how I wish you could hear the inflection he would say it in). When […]

Automatic numbering increases costs

CostSoftware AgilityCode Readability Automatic numbering increases costs This code insight counts one violation each a string contains empty format replacement fields. bad print "{} is {}".format("life","hard") good print "{0} is {1}".format("life","hard") Why you should care If you are not numbering your replacement fields {} in your format string, Python auto-numbers them. For example, using "{} [...]

Backslash line continuation makes code less readable

CostSoftware AgilityCode Readability Backslash line continuation makes code less readable This code insight shows that each time a backslash is the last non blank character of a line. Bad my_very_big_string = """"""For a long time I used to go to bed early. Sometimes, \ when I had put out my candle, my eyes would close [...]

len() as upper boundary makes code less readable

CostSoftware AgilityCode Readability len() as upper boundary makes code less readable This code insight shows that Python tries to make the task of slicing lists and numpy.arrays as convenient as possible. If one needs a slice which reaches till the end of the object the upper boundary can be left empty. When negative numbers are [...]

Multiline Conditional Expressions should be avoided

CostSoftware AgilityCode Readability Multiline Conditional Expressions should be avoided This code insight counts one violation each time a multiline conditional expression is encountered. bad x = 1 if cond else 2 good x = 1 if cond else 2 Why you should care Conditional expressions are mechanisms that provide a shorter syntax for if statements. [...]

Improper Indentation can reduce readability

CostSoftware AgilityCode Readability Improper Indentation can reduce readability This code insight shows that improper indentation can reduce readability Why you should care Per the PEP 8 Style Guide, all Python code should be consistently indented with 4 spaces for each level of indentation, not tabs. Business Impacts It is recommended to avoid bad indentation to [...]

Avoid Main Procedures not having an ON ERROR clause

CostSoftware AgilityCode Readability Avoid Main Procedures not having an ON ERROR clause This code insight shows that not managing errors can lead to data corruption and incorrect behavior, even if the error is managed through specific architecture. Why you should care Business Impacts Cost CAST recommendations References http://psoug.org/definition/END.htm About CAST and Highlight’s Code Insights Over [...]

Avoid unused Function parameters (PHP)

CostSoftware AgilityCode Readability Avoid unused Function parameters (PHP) This code insight advises that for readability reasons, Functions should not have unused parameters. Review the source code to try to reduce the number of Functions and Methods containing unused parameters. Why you should care Business Impacts Cost CAST recommendations References http://psoug.org/definition/END.htm About CAST and Highlight’s Code [...]

Missing default in switch statements can cause Production Risk

Software ResiliencyProgramming Best Practices Missing default in switch statements can cause Production Risk This code insight ensures that the keyword "default" is executed when none of the conditions being tested for in the switch statement are met or executed. Having no default keyword, means that there is no backup. The cases that are "impossible" today [...]

Avoid using SELECT … ENDSELECT statement

Production RiskSoftware ResiliencyProgramming Best Practices Avoid using SELECT ... ENDSELECT statement   This code insight shows that The SELECT ... ENDSELECT works as a loop fetching single record for every loop pause. Basically, it works like a client cursor which will generate too much traffic on the network and communications between the application server and [...]

Avoid using “SELECT DISTINCT”, use DELETE-ADJACENT

Production RiskSoftware ResiliencyCode Reliability Avoid using "SELECT DISTINCT", use DELETE-ADJACENT   This code insight ensures for performance reason, if some of the fields are not part of an index, then it is often better to avoid using SELECT DISTINCT. Why you should care Business Impacts Production Risk CAST recommendations References https://technet.microsoft.com/en-us/library/ms187009(v=sql.105).aspx About CAST and Highlight’s [...]

Avoid using dynamic queries

Production RiskSoftware ResiliencyProgramming Best Practices Avoid using dynamic queries   This code insight shows that dynamic queries are difficult to test and can decrease the code understanding. Moreover, include dynamic coding in UI components can generate security issues if the content of the dynamic clauses is not filtered properly. Why you should care Avoid using [...]

Avoid Main Procedures having complex queries

Production RiskSoftware ResiliencyCode Reliability Avoid Main Procedures having complex queries This code insight shows that having complex queries in SQL Artifacts can cause performance problems. Why you should care Business Impacts Production Risk CAST recommendations References https://technet.microsoft.com/en-us/library/ms187009(v=sql.105).aspx About CAST and Highlight’s Code Insights Over the last 25 years, CAST has leveraged unique knowledge on software [...]

Avoid classes overriding only equals() or only hashCode()

Production RiskSoftware ResiliencyProgramming Best Practices Avoid classes overriding only equals() or only hashCode() This code insight reports all classes that override only boolean equals(Object) or only int hashCode() . Why you should care Often classes are used in HashMap to provide an efficient storage and retrieval. The Java platform architects anticipated the importance of hash-based [...]

Type() can hamper productivity

Production RiskSoftware ResiliencyCode Reliability Type() can hamper productivity This code insight detects each time type() is used in code Why you should care The function isinstance is the best-equipped to handle type checking because it supports inheritance (e.g. an instance of a derived class is an instance of a base class, too). Therefore  isinstance should be used [...]

Truncate tables compromise backups

Production RiskSoftware ResiliencyCode Reliability Truncate tables compromise backups This code insight detects the total number of database objects containing code: SP, Functions, and Triggers.  Why you should care Although "truncate table" statement can be desirable under some circumstances from a performance point of view it is problematic because deletion are not logged. Thus the log [...]

The code contains too many includes.

InnovationSoftware EleganceCode Complexity The code contains too many includes. This code insight lists all Abap Programs using too many Includes. It provides the following information: Abap Program fullname, number of Includes  Why you should care High number of Includes decreases the visibility in terms of data definitions and processes. Program maintenance will become difficult. Business [...]

Nested Loops cause performance issues

Software EleganceCode Complexity Why you should care If the amount of data is large, nested loops are fully avoided due to performance issues. If the program is extracting small amount of data, then focus on SELECT statements than nested loops. The indexed loop and READ statement using binary search are the best methods to avoid [...]

Explicit Option makes declaring variables easier

Software ResiliencyCode Reliability Why you should care VB has specific behavior that enable the developer to use variables even if these variables have not been previously declared and typed. However, it is possible to avoid this default behavior using the Option Explicit : in this case, all variables will require a declaration prior use. This [...]

Crossing the Parameter limit can cause bugs

Software EleganceCode Complexity Why you should care Parameters are used to pass data between a stored procedure and the batch or script. It results in executing the stored procedure. Each Parameter has a limit, known as a Parameter limit, which is hard-coded per stored procedure. The Parameter limit, in an SQL server, is 2,100. This [...]

Manage transactions when changing tables

Software ResiliencyCode Reliability Why you should care Transactions are vital in SQL as one of them is the representation of one or more changes to the database. For instance, anytime a record is created, updated or deleted in the database, a transaction is performed in that database. Therefore, it is recommended to manage transactions as [...]

Avoid classes using incorrect dynamic allocation

Avoid classes using incorrect dynamic allocation Software ResiliencyProgramming Best Practices This code insights verifies classes that don't use dynamic allocation correctly, i.e. without constructors by copy or without allocation operator. Depending on the density of occurrences and specific thresholds, Highlight counts penalty points to the scanned file. Why you should care Classes with incorrect dynamic [...]

Avoid classes with missing destructor declarations in header files

Avoid classes with missing destructor declarations in header files Software ResiliencyProgramming Best Practices This code insight verifies in C++ applications if classes in header files (.h) haven't declared destructors. Highlight counts one occurrence for each missing class destructor found in a header file. Why you should care In some cases, missing class destructors can lead to memory leaks, [...]

Avoid macros defining constants

Avoid macros defining constants Software ResiliencyCode Reliability This code insight verifies in C++ applications when macros without parameters define a literal constant. Depending on the density of occurrences and the thresholds set for this code insight, Highlight counts penalty points for the scanned file. Literal constants are numbers, characters or strings (numbers, possibly preceded with . or \, characters [...]

Lack of multiple-inclusion protection in header files

Lack of multiple-inclusion protection in header files   Software ResiliencyProgramming Best Practices This code insight verifies in C++ applications that header files (.h) are protected against multiple inclusion. If a header file is not using the appropriate syntax, Highlight counts an occurrence. Why you should care The basic use of header files is to provide [...]

Too many unconditional branches may end to Spaghetti Code

Too many unconditional branches may end to Spaghetti Code Software ResiliencyProgramming Best Practices This code insight counts the number of unconditional branches (e.g. GOTO, continue, break except if it is at end of a 'case statement'...). Highlight counts penalty points contributing to the Software Resiliency health factor, depending on the density of this pattern you should ideally have in [...]

Using {curly braces} is less error-prone

Using {curly braces} is less error-prone Software ResiliencyProgramming Best Practices This code insight counts the number of missing curly braces in constructs such as functions, loops (while, do, for…) or conditional statements (if, else), except for "else" used within an "else if" statement. Highlight counts penalty points contributing to the Software Resiliency health factor, depending [...]

RETURN should be used to terminate a database query or a stored procedure

Software ResiliencyCode Reliability Why you should care The RETURN statement is useful as it terminates a query, stored procedure or batch. When used in a stored procedure, the RETURN statement specifies an integer value to return to the calling application, batch, or procedure. If no value is specified then the stored procedure returns the value [...]

Avoid using risky patterns too frequently

Software ResiliencyProgramming Best Practices Why you should care Some specific code syntaxes, even if they compile and don't make a software crash directly, are not recommended mainly for two reasons: They're often obscure and/or implicit and could definitely lead to misinterpretations by junior developers, which frequently means unexpected bugs when the code is modified When [...]

Native Dynamic SQL is easier to use than DBMS SQL.

Native Dynamic SQL is easier to use than DBMS SQL. Software ResiliencyProgramming Best Practices This code insight shows that PL/SQL provides two ways to write dynamic SQL: Native dynamic SQL, a PL/SQL language (that is, native) feature for building and executing dynamic SQL statements DBMS_SQL package, an API for building, executing, and describing dynamic SQL [...]

End keyword highlights end of execution

Software AgilityCode Readability Why you should care The END keyword is useful as it terminates a PL/SQL block. This keyword is found at the end of procedures, functions, packages, triggers, blocks or any type of body where an executable action is performed. In other words, it signifies the end of execution of a block. Business [...]

A Return Statement in the middle of a command makes it unreadable

Software ResiliencyProgramming Best Practices Why you should care The RETURN statement is useful as it terminates a query, stored procedure or batch. When used in a stored procedure, the RETURN statement specifies an integer value to return to the calling application, batch, or procedure. If no value is specified then the stored procedure returns the [...]

Mixing DDL & DML operations can cause recompilation

Software EleganceCode Complexity Why you should care Developers do not recommend mixing DDL and DML Operations. They are generally avoided because such mxing can cause a Recompile which results in resetting the code differently and causing a mess in the process. It is recommended to place all DDL statements at the top of the stored [...]

Object Qualification improves readability

Software AgilityCode Readability Why you should care Object Qualification is the process of determining whether a persistent object satisfies a set of specified conditions. It is typically performed as part of a search operation that finds a group of persistent objects based on the values of one or more of their attributes. It is tested [...]

Conditional expressions should not be too complex

Software EleganceCode Complexity Why you should care Having complex conditional expressions in your software might slow down your development team to quickly evaluate if and how the code will be run within these conditions. In addition, if conditions are misunderstood because there are too complex (especially when additional native functions like “!empty” or “!isset” makes [...]

Empty Catches may cause security risks

Software ResiliencyProgramming Best Practices Why you should care Most developers contend that it’s not ideal to have an empty catch block. Empty Catch is the cause of an exception occurring where nothing happens and the program fails. When such an exception occurs, it can be thrown up to the caller, or caught in catch block. [...]

Not all Tag libraries should be imported

Software ResiliencyProgramming Best Practices Why you should care A tag library defines a collection of custom actions. The tags can be used directly by developers in manually coding a JSP page, or automatically by Java development tools. A tag library must be portable between different JSP container implementations. If the tag library is not utilized, [...]

Documentation facilitates Code Maintainability

Software AgilityCode Readability Why you should care Documentation is useful as it helps maintaining and embedding the code well. Undocumented code causes problems in the code by decreasing agility and maintenance reduction. Business Impacts Documenting code is advised as it allows for the code to be better maintained which frees up the code from potential [...]

Less efficient datatypes cause interchangeability issues

Software ResiliencyProgramming Best Practices Why you should care Every constant, variable, and parameter has a datatype (or type) which specifies a storage format, constraints, and valid range of values. PL/SQL provides a variety of predefined datatypes which tend to be inefficient in nature. It’s recommended to use efficient practices over inefficient types to ensure the [...]

Comparison operators compare values

Software ResiliencyProgramming Best Practices Why you should care This is important since Javascript has comparison operators such as “regular equality” (==) and “is not equal to” (!=) which compares two values (strings, numbers, boolean operands and so forth) for equality. With “regular equality”, two values are set to identical after being converted to a common [...]

eval() evaluates statements

Software ResiliencyCode Reliability Why you should care Eval() is a function property of the global object. The argument of the of the eval() function is a string. If the string represents an expression, eval() evaluates the expression. If the argument represents one or more JavaScript statements, eval() evaluates the statements. Do not use eval() to [...]

Local variables allows variables to be relegated to a function

Software AgilityCode Readability Why you should care Local Variables occurs when a typeset statement is used inside a function definition and the respective variables involved all become ‘local’ to that function (in addition to any properties that may take on as a result of typeset options.) The ability to define variables that are local to [...]

Avoid dangerous types

C/C++ (MISRA)PL/SQLC/C++ (MISRA)Software ResiliencyCode Reliability Why you should care The basic numerical types of char, int short, long, float, double, and long double should not be used directly to declare variable. This is because their storage size is machine dependent, and so for portability consideration, specific-lengths typedefs types should be used instead. Example of usefull [...]

SELECT clauses with many columns tend to be complex in nature.

Software EleganceCode Complexity Why you should care Artifacts with a SELECT clause tend to be complex in nature as SELECT clauses with many clauses are difficult to read and does not help the reader in identifying the columns that can be retrieved. Also a query that retrieves many columns can potentially cause performance problems as [...]

Deprecated features makes code less resilient

Software ResiliencyProgramming Best Practices Why you should care Deprecated features are usable but should not be used because they are expected to be removed entirely in the near-future and placing them in the code can cause potential bugs and be less resilient. Business Impacts Deprecated features are considered to be highly risky and unproductive in [...]

File Naming Convention (FNC) helps in organization

Software AgilityCode Readability Why you should care File Naming Convention helps one stay organized by making it easy to identify the file(s) that contain the information from its title and by grouping files that contain similar information close together. It also helps others better understand and navigate through one’s code. Business Impacts File Naming Convention [...]

Specify precision otherwise error occurs

Software ResiliencyCode Reliability Why you should care Specify precision which is the total number of digits, and scale, which is the number of digits to the right of the decimal point. The range of a Char variable is from 1 to 32767 bytes. When the expression falls outside this range, it is no longer precise [...]

The first line activates the KSH interpreter

Software ResiliencyProgramming Best Practices Why you should care The first line is useful as it tells the OS what interpreter to invoke in order to run the script. In this case, the interpreter is the KSH interpreter. Without this line, the KSH interpreter cannot used to run this script. Business Impacts The first line in [...]

Variable declaration creates an instance in the class

Software ResiliencyProgramming Best Practices Why you should care It is important to remember that KSH uses variables and parameters to store values.  It also supports data types and arrays.  The four data types KSH supports include string, integer, float and array.  If a data type is not defined then KSH assumes the variable is a string. Usually KSH [...]

Symmetrical listing allows for better understanding and bug prevention

Software AgilityCode Readability Why you should care It is recommended to have the list be symmetrical as it allows for the code to be readable and understandable by the user as well allow for increased efficiency and accessibility. It also helps prevent possible bugs and crashes. Business Impacts It is advised to give careful attention [...]

Correct indentation allows for better understanding and bug prevention

Software AgilityCode Readability Why you should care It is recommended to correctly indent the lines as it allows for the code to be readable and understandable by the user as well allow for increased efficiency and accessibility. It also helps prevent possible bugs and crashes. Business Impacts Ensuring that lines are properly indented allows for [...]

Short local variables could lead to bugs and misinformation

Software AgilityCode Readability Why you should care It is recommended to ensure local variables not short as it allows for the code to be readable and understandable by the user as well as allow for increased efficiency and accessibility. It also helps prevent possible bugs and crashes Business Impacts Managing the length local variables allows [...]

Avoid Backslash to continue command

Software AgilityCode Readability Why you should care With line-oriented text, the backslash is used at the end of a line to indicate that the trailing newline character is to be ignored. In other words, with the backslash, the following line belongs on the same line as the line prior. As in they are both on [...]

HTML comments do not add to user-friendliness

Software AgilityEmbedded Documentation Why you should care Adding comments to the HTML code generally provides assistance to the developer but provides little practical use to the client as it does not increase user-friendliness since having commentaries on the source page could be a bit unnecessary. Business Impacts It is recommended to avoid Incorporating HTML comments [...]

Pipes are an inefficient way of dealing with commands

Software ResiliencyProgramming Best Practices Why you should care Pipes take the output of one command and put it on the input of another command. They can also be strung together. This way, one can find matches in a particular pattern in their name AND have a particular IP address range. However the disadvantage is that [...]

Too many pipe commands cause inefficiency

Software ResiliencyProgramming Best Practices Why you should care Having too many pipe commands could result in code inefficiency as well as possible entry of bugs and crashes in the code due to increased stringing and redirections as a result. Business Impacts Using pipes in a program can be a risky decision as it tends to [...]

CASE is better to understand than DECODE

Software ResiliencyProgramming Best Practices Why you should care The DECODE function belongs to PLSQL and has the functionality of an IF-THEN statement. It’s syntax is as follows DECODE( expression , search , result [, search , result]…[, default] ) expression – The value to compare search – The value is compared against expression result – [...]

Javabeans & Tags are useful in JSP as they encapsulate

Software ResiliencyProgramming Best Practices Why you should care It is recommended to use Javabeans and tags as Java Beans are good general-purpose objects that encapsulate information and states in a portable setting while allowing for its’ properties, events and methods can be controlled as they are exposed to an application builder tool. JSP tags are [...]

Short code identifiers worsens collaboration

Software AgilityEmbedded Documentation Why you should care Short identifiers were in existence as early variable mnemonics were limited to as few as six to eight characters leading to many developers abbreviating concepts in their variable names. However, in the past thiry years since 2009, there has been a steady increase in permitted name length and [...]

Empty Catches cause code errors & unreliability

Software ResiliencyProgramming Best Practices Why you should care When an exception occurs during programming, it is usually caught in a catch block. Empty catch is when an exception occurs but the program fails because nothing occurs. As a result, they are a common source for obtaining errors in the code, and then executing these errors. [...]

GoTo is primitive & outside one’s control

Software ResiliencyProgramming Best Practices Why you should care The GOTO statement branches unconditionally to a statement label or block label. The label must be uniqe within its scope and precede an executable statement. The issues with GoTo however is its repetitive and superflous nature. It also enlongates the conceptual phase between the static prgram and [...]

Semicolon is used to terminate statement

Software ResiliencyCode Reliability Why you should care Semicolons are utilized in PLSQL to terminate a statement. Without it the statement is not terminated and sends back an error. Business Impacts Semicolons are essential to any code that runs a working program. Without it, the code does not work. Production Risk CAST Recommendations References http://www.toadworld.com/platforms/oracle/w/wiki/1767.plsql-semicolon-delimiter-plf4Style Guide [...]

Untrusted data can be prevented by validation

Software ResiliencyCode Reliability Why you should care Transactions are vital in SQL as one of them is the representation of one or more changes to the database. For instance, anytime a record is created, updated or deleted in the database, a transaction is performed in that database. Therefore, it is recommended to manage transactions as [...]

EXIT closes the entire script

Software EleganceCode Complexity Why you should care EXIT instruction is designed to exit the entire script hence the purpose of having only one instruction at a time. EXIT instruction has the capability of causing some of the script to be unread if placed incorrectly. As a result, the script will have compilation errors. Business Impacts [...]

Care must be taken while selecting a Candidate key as Primary

Software ResiliencyProgramming Best Practices Why you should care Candidate Key can be any column or a combination of columns that can qualify as a unique key in the database. There can be multiple Candidate keys in one table. Each candidate key can qualify as Primary Key. Primary Key is a column or combination of columns [...]

Exported Variables are global in scope and store values

Software AgilityCode Readability Why you should care Variables and parameters are used by the Korn shell to store values. The Korn shell supports data types and arrays. The Variables are global in scope and begin with an alphabetic or underscore character followed by one or more alphanumeric or underscore characters. Other variables include digits (0 [...]

Multiple instructions on the same line decreases code readability.

Software AgilityCode Readability Why you should care Having multiple instructions on one line of code remarkably decreases readability of the code as well as making it tougher to understand, and execute, causing it to be more susceptible to bugs in the long run. Business Impacts It is recommended to have reduce the number of instructions [...]

JSP can handle exceptions

Software ResiliencyCode Reliability Why you should care When writing a JSP code, coding errors can happen at any part of the code. When an error occurs, the file cannot be found causing an exception. Such exceptions included are Checked exceptions, Runtime exceptions, Errors. JSP provides ways to handle exceptions such as specifying Error Page for [...]

Conditional comments are designed exclusively for IE

Software ResiliencyCode Reliability Why you should care Conditional Comments are designed exclusively for Internet Explorer (IE), and hence they operate greatly in that specific browser as these comments are suited to give special instructions that are only meant for IE. As a result, conditional comments are considered a hindrance when run in a browser, other [...]

Background processes are created by KSH

Software ResiliencyCode Reliability Why you should care Background processes occur behind the scenes without user intervention. They can be considered unwanted and slow down the software that is running and is of main priority to the user. Background processes occur as KSH is capable of providing a facility to control and run job in the [...]

A static or unqualified import is harmful to readability.

Software ResiliencyProgramming Best Practices Why you should care A static or unqualified report is found in the JSP which is analogous to normal import declaration. The report is unqualified after adding a star(*) at the end of the import statement. However the issue with the unqualified report is that they make one’s program unreadable impacting [...]

EXIT without parameters cause issues in the script

Software ResiliencyCode Reliability Why you should care The KSH script starts at the first and essentially ends when the code encounters an “exit” or the last line. When exiting a code without parameters, it causes the code to become unreliable and cause errors that tend to become unmanageable. Business Impacts It is recommended to have [...]

If & else statements can be taxing for the CPU

Software ResiliencyProgramming Best Practices Why you should care If and else statements are considered to be time consuming in nature as they tend to be repetitive in order to execute the code properly which causes is not ideal for a programmer and can also be considered taxing for the CPU. Business Impacts While if and [...]

Multiple lines makes code harder to read

Software ResiliencyProgramming Best Practices Why you should care Having multiple lines as one line of code remarkably decreases readability of the code. This makes the source code tougher to understand, and execute, causing it to more error prone and susceptible to bugs in the near-future. Business Impacts Combining multiple lines of code on one line [...]

Artifacts and Subqueries decrease code agility

Software AgilityCode Readability Why you should care Having Complex queries in SQL Artifacts lead to causing performance problems and decrease in code agility. Subqueries are considered to be complicated in nature. Business Impacts Complex queries are not recommended as they reduce code agility thereby increasing costs. Cost CAST Recommendations Subqueries are generally considered fine unless [...]

$$ creates unique temporary filenames

Software ResiliencyCode Reliability Why you should care $$ is used to making temporary names with the process ID in KSH. It allows for the name to be unique to the process. Business Impacts $$ prevents risks and is helpful in making KSH code more productive by giving it more uniqueness. Production Risk CAST Recommendations References [...]

CASE cannot be an instruction without a WHEN clause

Software ResiliencyProgramming Best Practices Why you should care The PLSQL CASE has similar functionality of an IF-THEN-ELSE statement. The CASE statement evaluates a single expression and expresses it against several potential values or evaluates Boolean Values while choosing the first one that is TRUE. WHEN clauses are executed in order. WHEN clauses is executed only [...]

Double semicolon is required for a bash syntax to correctly parse the command

Software ResiliencyCode Reliability Why you should care A simple semicolon is used to end the items of structures, signatures and objects as these semicolons are considered mandatory. The double semicolon is also useful as it leaves no ambiguity in the code. It is required as it is used at the end of each clause as [...]

Multiple packages in the same file have multiple references can cause agility issues

Software AgilityCode Readability Why you should care A package is a schema object that groups logically related PL/SQL types, variables, and subprograms. They usually have a specification (spec) and a body. The spec is the package’s interface which declares the types, variables, constants, exceptions, cursors, and subprograms which are referenced from outside the package. Although [...]

CompareTo Empty is unreliable as it tests reference equality, not object equality

Software ResiliencyCode Reliability Why you should care Using a CompareTo Empty string is considered unreliable as it tests reference equality and not object equality. Generally when programming, one cannot entirely rely on reference equality as it tends to be inaccurate and unreliable which is not ideal for the code. Business Impacts It is recommended to [...]

Javascript in HTML can be unreadable and cause reliability issues

Software ResiliencyCode Reliability Why you should care Including JavaScript files in HTML is not ideal as some browsers cannot read an external Javascript file and usually renders it completely blank. It usually requires importing a Jquery. Having Javascript files be unreadable in HTML can cause reliability issues. Business Impacts It is recommended to avoid JavaScript [...]

JSP standard is XML-compliant but certain elements cannot be mixed causing agility issues

Software AgilityCode Readability Why you should care Mixing JSP standard syntax and JSP XML syntax is considered somewhat common as much of the standard JSP syntax is already XML-compliant including all the standard actions. However there are certain elements that are not compliant with an XML syntax. Such elements include Comments where Standard Syntax comments [...]

Group Use declarations help cut verbosity in the code

Software AgilityCode Readability Why you should care Group use declarations are used to cut verbiosity when importing multiple entities from a common nameplace. These declarations help make it easier to identify multiple imported entities belong to the same module. It helps improve readability, allow for the code to be less complicated and less error prone [...]

Commenting on setProperty() method allows for software to be resilient

Software ResiliencyCode Reliability Why you should care setProperty() method interface sets a new value for a property on a CSS declaration object. Without commenting on the setProperty() method, it is left ambigous which is not ideal for good programming practice causing reliability issues which can result in an error prone software. Business Impacts It is [...]

Aliases can complicate and hide commands that hamper resiliency

Software ResiliencyCode Reliability Why you should care An Alias is an alternative name or reference that can be defined in a T-SQL statement for use within that statement. They are not stored by the SQL server permanently. Usually they are one or two characters long and are not required in any part of the statement. [...]

CDATA is an XML construct which can only be read by JSP

Software ResiliencyProgramming Best Practices Why you should care CDATA stands for character Data and is an XML construct. It lies in between these strings which include data that could mistakenly be interpreted as XML markup. It has no meaning in HTML as it is ignored by the parser. However, it is not ignored by Javascript [...]

Illegal exception occurs when user declares a standard exception.

Software ResiliencyCode Reliability Why you should care In PLSQL, an exception is a warning or a type of error condition. They can internally defined (by the run-time system) or user defined. An illegal exception occurs when a standard exception is declared by the user because such expressions are declared by PLSQL. Having illegal expressions in [...]

Incomplete JSP fragments can cause readability errors.

Software ResiliencyProgramming Best Practices Why you should care JSP fragments are a portion of a JSP code passed to a tag handler so it can be invoked as many times as required. They can be considered as a template that is used by a tag handler to produce customized content. A fragment attribute is evaluated [...]

Declaring errors prevents security risks

Software ResiliencyProgramming Best Practices Why you should care Exception handling is the process in JSP to handle runtime errors. Any number of exceptions can arise when JSP page is executed. Without defining or declaring the errors, the error is not undeclared and is left unverified causing it have security risks and flawed resiliency which is [...]

Using {curly braces} is less error-prone

Using {curly braces} is less error-prone Software ResiliencyProgramming Best Practices This code insight counts the number of missing curly braces in constructs such as functions, loops (while, do, for…) or conditional statements (if, else), except for "else" used within an "else if" statement. Highlight counts penalty points contributing to the Software Resiliency health factor, depending [...]

Switch statements should have a default case specified

Switch statements should have a default case specified Software ResiliencyProgramming Best Practices This code insight verifies the ratio between the number of switch statements with missing default cases specified and the total number of switch statements found in the source code. Depending on this ratio and thresholds CAST has defined, Highlight counts penalty points for [...]

Database columns, functions, triggers and procedures should be commented

Database columns, functions, triggers and procedures should be commented Software AgilityEmbedded Documentation This code insight counts the number of function parameters, triggers, procedures and database columns (on CREATE TABLE) that are not commented. Based on specific thresholds CAST has defined, Highlight counts penalty points to the scanned file. Why you should care Making sure your [...]

Avoid exposing too many attributes

Avoid exposing too many public class fields Software ResiliencyProgramming Best Practices This code insight counts the number of cases when an attribute is directly exposed outside a class (more explicitly when the keyword "public" is associated with a data field of the class). Based on the density and on specific thresholds CAST has defined, Highlight [...]

Avoid using functions before their declaration

Avoid using functions before their declaration Software AgilityCode Readability This code insight counts the number of cases when functions are called prior to their definition in the source code. Based on the density of this bad practice and on specific thresholds CAST has defined, Highlight counts penalty points for the scanned file. Pattern example (here, [...]

Avoid repetitive access to nested members

Software ResiliencyProgramming Best Practices Why you should care As explained by W3C: “Accessing the DOM in browsers is an expensive thing to do. The DOM is a very complex API and rendering in browsers can take up a lot of time. You can see this when running complex web applications when your computer is already [...]

Code should be stripped out of suspicious comments

Code should be stripped out of suspicious comments (e.g. todo, tbd, tbc, etc.) Software AgilityEmbedded Documentation This code insight counts the number of occurences where suspicious keywords are found in comments. Based on the number of cases and associated with specific thresholds CAST has defined, Highlight counts penalty points to the scanned file. Keywords that [...]

Semicolons seem to be missing too frequently

Semicolons seem to be missing too frequently Software ResiliencyCode Reliability This code insight verifies that semicolons are not missing too frequently. Depending on the calculated density and based on thresholds CAST has defined by analyzing hundreds of Javascript projects, Highlight counts penalty points to the scanned file. Why you should care Although Javascript provides more [...]

Structural code complexity may be too high

Structural code complexity may be too high Software EleganceCode Complexity This code insight - derived from Tom McCabe's Cyclomatic Complexity - estimates the level of strutural complexity of a piece of source code by counting and summing the total number of logical conditions (if, while, for, case, default), functions and methods. Depending on specific thresholds [...]

The code contains too many lines containing several instructions

The code contains too many lines containing several instructions Software AgilityCode Readability This code insights verifies that the source code doesn't contain multiple instructions in a single line. Depending on the density of cases of multiple instructions per line of code, and based on specific threshods, Highlight counts penalty points for the scanned file. The [...]

Method parameters should have their description tag

Software AgilityEmbedded Documentation Why you should care Ensuring your application source code is well-documented is a no brainer and an undisputed good programming practice. And since applications are now more and more exposed to a technical audience through APIs, the level and quality of the technical documentation is a key differentiator that could make your [...]

A line of code shouldn’t be too long (to help readability)

A line of code shouldn't be too long (to help readability) Software AgilityCode Readability This code insight counts the number of characters for each line of code and verifies that an application doesn't globally contain too many long lines. Depending on thresholds defined by CAST based on its expertise and experience in measuring software, Highlight [...]

Code indentation, line, and character encoding formats should be consistent

Code indentation, line, and character encoding formats should be consistent Software AgilityCode Readability This code insights detects when different code formatting styles are heterogeneous (CRLF, CR or LF for new line formatting, full spaces, tab spaces ... for identations, UTF8, Windows-1252 … for character encoding). Depending on the number of different styles used within a [...]

Attribute, classes and methods should follow a naming convention

Software AgilityCode Readability Why you should care You may think naming conventions are purely cosmetic, and you’re not completely wrong. However, this is a signature of a mature development team who writes good software. If theses simple rules are not applied, what about the rest? Like in English where a sentence starts with a capital [...]

Avoid literal numbers (i.e. Magic numbers are not so magic)

Software ResiliencyProgramming Best Practices Why you should care A magic number is a direct usage of a number in the code (e.g. “if($foo > 65)”) which refers to a specific value that can’t be easily understood by just reading it. Using too many magic numbers can lead to these types of issues: – Confusing: the [...]

Too many controversial, unsafe or deprecated keywords in procedure divisions

Too many controversial, unsafe or deprecated keywords in procedure divisions Software ResiliencyCode Reliability This code insights looks in COBOL procedure divisions for a list of possible deprecated or controversial keywords and verifies if their usage frequency is abnormaly high. Possible deprecated or controversial keywords Highlight looks at: SELECT, ACCEPT (if not followed by FROM DAY, [...]

Ensure that your main SQL-related code artifacts are documented

Ensure that your main SQL-related code artifacts are documented Software AgilityEmbedded Documentation This code insight counts the number of SQL-related code artifacts (functions, procedures, triggers and view declarations) that are not preceded with a block of comments, and compares that number to the total number of artifacts. Depending on this ratio and based on thresholds [...]

Operators and operands should use appropriate spacing to help readability

Operators and operands should use appropriate spacing to help readability Software AgilityCode Readability This code insights verifies that operators and operands are generally surrounded with spaces for better readability. Depending on thresholds CAST has defined, Highlight counts penalty points for the scanned file if missing spaces are too frequent. Why you should care Itishardertoquicklyunderstandwordsthatarenotseparatedwithspaces, don't [...]

Levels of logic complexity and conditions seem to be unbalanced

Software EleganceCode Complexity Why you should care Managing software complexity is an art of balancing the different natures of complexity that code can exhibit. Ensuring that logical operators are not too frequently complex within logical conditions is one way to help developers spend more time adding new features instead of trying to figure out how [...]

Avoid using “this” unless it points to a newly created object (and tested)

Software ResiliencyCode Reliability Why you should care In some contexts, using the keyword "this" could impact software reliability and lead to unexpected behaviors. More specifically, in a constructor, this is a reference on a new object just created by the new keyword when invoking a constructor. But, if the constructor is not invoked with new [...]

Wildcard imports should not be used too frequently

Wildcard imports should not be used too frequently Software AgilityCode Readability This code insight detects and counts the number of import statements with a wildcard (e.g. "import java.awt.*") and compares with the number of total import occurences found in the code. Why you should care Like in database queries, importing software libraries or packages using [...]

Exceptions shouldn’t be catched with system exception classes

Exceptions shouldn't be catched with system exception classes Software ResiliencyProgramming Best Practices This code insight detects and counts the usage of generic exception catches like catch(…), Exception, Throwable, SystemException, RuntimeException, Error. Based on frequency thresholds CAST has determined by analyzing source code over the last 25 years, Highlight determines whether the usage ratio of these [...]

Avoid Implied Typecasting

Software ResiliencyCode Reliability Why you should care Software development is an exact science and software doesn’t really like having doubts. Some programming languages have different ways to evaluate and compare manipulated information.  In the case of this code insight, a syntax confusion due to an implicit interpretation (e.g. using “==” instead of “===” in Javascript) [...]

Using {curly braces} is less error-prone

Using {curly braces} is less error-prone Software ResiliencyProgramming Best Practices This code insight counts the number of missing curly braces in constructs such as functions, loops (while, do, for…) or conditional statements (if, else), except for "else" used within an "else if" statement. Highlight counts penalty points contributing to the Software Resiliency health factor, depending [...]

Too much commented out code can be counter-productive

Too much commented out code can be counter-productive Software AgilityEmbedded Documentation This code insight counts the number of comment lines that starts with keywords such as if, else, while, foreach, switch, etc. and ends with ";", "{" or "}". Depending on the density of commented out lines compared to total lines of code, Highlight counts [...]

The vocabulary frequency is too low

The code vocabulary frequency may be too low Software EleganceCode Complexity This code insight - a derived metric from Halstead complexity measures - evaluates if a source file has a correct level of keyword variety (i.e. the ratio between the total number of operators/operand and the number of distinct operators/operands). If this ratio is high, [...]

Bulky files are complex to work with

Software EleganceCode Complexity Why you should care Having too large source files could be compared to looking for a needle in a haystack. If developers have to massively scroll down to go to the portion of code they want to fix or to add a new functionality, it costs time and energy. Although there's no [...]

A line of code shouldn’t be too long (to help readability)

Software AgilityCode Readability Why you should care A piece of source code in your software could be compared to a page of a book.  In a book, a human can’t easily read and understand a very long line – it’s all about eye comfort. That’s even more true when reading code, since each keyword could [...]

Ensure the code contains enough block of comments

Ensure the code contains enough block of comments Software AgilityEmbedded Documentation This code insight verifies the ratio between the number of comment blocks and total lines of code instructions (comment, blank and docstring excluded). Depending on the calculated ratio and the technology (by design, some programming languages - keywords, operators, etc. - require less comments [...]

Short code identifiers are harder to understand

Short code identifiers are harder to understand Software AgilityEmbedded Documentation This code insight counts the number of code identifiers (such as class, function, method, attribute names, etc.) whose length is lower than a predefined number of characters for each technology. Depending on the density of these short identifiers vs. all identifiers, Highlight counts penalty points [...]