EXCUSE ME BUT…YOUR CODE SMELLS
Unlike touch and taste, the sense of smell can detect odors
from a distance. This certainly comes in handy to prevent us
from eating something poisonous, or giving advance warning
of danger in our environment.
So what does this have to do with code?
For over 20 years, software engineers have used code smells
to detect problems in their source code. Why? Because
smells are early warnings!
A code smell is any symptom in the source code of an
application or system that indicates a deeper problem,
such as weaknesses in design or system vulnerabilities
that may increase the risk of future failures.
DON’T TAKE IT PERSONALLY
A human nose can detect over 10,000 different smells!
A code smell hints that something is wrong in the source
code that runs your system. Good software engineers
employ automated code smelling tools such as code
quality analysis to detect, identify, and track down these
potential weaknesses in their code.
Functional testing is not enough.
Functional testing only evaluates a system's compliance
with its specified requirements, while automated tools
examine the actual code to highlight weaknesses and
identify high-value targets for refactoring. According to
Capers Jones, “A synergistic combination of formal
inspections, static analysis, and formal testing can achieve
combined defect removal efficiency levels of 99%.”
WHAT’S IN A CODE SMELL?
Kent Beck coined the term "code smell" (Refactoring: Improving the Design of Existing Code)
Like the seven primary smells that your
nose can identify, code smells can be
classified to help you understand the
type of issues that may be present in
source code.
Research indicates that code smells correlate to maintainability
and production issues, which means detecting code smells
prior to releasing code into production helps improve system
maintainability and reliability.
Therefore, automatic detection of code smells is a valuable
early warning system that can benefit virtually every
development organization.
OH MY….WHAT’S THAT SMELL?
7 Types of Smells
• Camphoric (Mothballs)
• Musky (Perfume)
• Roses (Floral)
• Pepperminty
• Ethereal (Dry Cleaning Fluid)
• Pungent (Vinegar)
• Putrid (Rotten Eggs)
7 Examples of Code Smells
• Duplicated code
• Long methods
• Large class
• Too many parameters
• Inappropriate intimacy
• Contrived complexity
• Excessively long identifiers
Code smells can be detected by a static code quality agent that can read source code. The agent builds a representation of the code, then checks it against a set of patterns.
HOW TO SMELL YOUR CODE
[Chart: quality dimensions (Size, Complexity, Best Practices, Stability, Maintainability), each rated Poor / Good / Excellent]
The agent looks at the occurrences of bad code patterns. The presence of one instance of a pattern doesn’t mean the code smells; however, many occurrences may trigger a threshold that indicates the code is starting to smell.
The agent aggregates the results of the pattern detection and generates code quality metrics (e.g. number of lines of code, comment density, code complexity). These metrics and indicators are used to determine how much and what type of risky behavior has been detected in the code.
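The agent described above (build a representation of the code, check it against patterns, count occurrences against a threshold, then aggregate metrics) as an added Python example that is not part of the original page: it uses the standard-library `ast` module and hypothetical limits to flag three of the page's smells (long methods, too many parameters, excessively long identifiers) in a constructed sample module, and reports a pattern as a smell only once it occurs often enough.

```python
import ast
from collections import Counter

# Constructed sample module (not from the page): two functions with too many
# parameters, one long method and one excessively long identifier.
SAMPLE_SOURCE = '''
def ok(a, b):
    # adds two numbers
    return a + b
def too_many(a, b, c, d, e, f):
    return a + b + c + d + e + f
def also_too_many(a, b, c, d, e, f, g):
    return a * b * c * d * e * f * g
def the_function_that_validates_and_normalizes_the_user_input_record(x):
    return x
def long_one(x):
''' + "".join(f"    x = x + {i}\n" for i in range(25)) + "    return x\n"

# Per-pattern limits and the occurrence count at which a pattern becomes a smell (hypothetical values).
LIMITS = {"long_method": 20, "too_many_parameters": 5, "long_identifier": 40}
MIN_OCCURRENCES = 2

def detect_patterns(source: str) -> Counter:
    """Build an AST of the source and count every occurrence of each bad pattern."""
    found = Counter()
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.FunctionDef):
            continue
        if node.end_lineno - node.lineno + 1 > LIMITS["long_method"]:
            found["long_method"] += 1
        if len(node.args.args) > LIMITS["too_many_parameters"]:
            found["too_many_parameters"] += 1
        if len(node.name) > LIMITS["long_identifier"]:
            found["long_identifier"] += 1
    return found

def code_metrics(source: str) -> dict:
    """Aggregate simple quality metrics: non-blank lines of code and comment density."""
    lines = [ln for ln in source.splitlines() if ln.strip()]
    comments = sum(1 for ln in lines if ln.strip().startswith("#"))
    return {"loc": len(lines), "comment_density": round(comments / len(lines), 3)}

def smell_report(source: str) -> dict:
    """One instance is only a hint; a pattern smells once it reaches MIN_OCCURRENCES."""
    counts = detect_patterns(source)
    smells = sorted(p for p, n in counts.items() if n >= MIN_OCCURRENCES)
    return {"occurrences": dict(counts), "smells": smells, "metrics": code_metrics(source)}
```

Running `smell_report(SAMPLE_SOURCE)` flags only `too_many_parameters` as a smell: the long method and the long identifier each occur once and stay below the occurrence threshold.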
The annual impact of bad software is estimated to be $59
billion and over 90% of the vulnerabilities that cause these
defects are in source code.
Analyzing critical systems to detect code smells prior to
release provides benefits well beyond simple functional
testing. Automated code smell detection is a fast, reliable
risk reduction tool that should be applied to all critical systems
to ensure early identification of potential issues and prevent
costly system outages and repair efforts.
THE IMPORTANCE OF SMELL
Early Warning Indicators
Recent high-profile IT failures that may have benefitted from code-smelling.
MY CODE STINKS…NOW WHAT?
Transparency into the state of critical systems is difficult, yet
crucial to any organization. Once you’ve scanned your critical
systems, the next step is to determine root cause. Code can
go bad at many levels – programmer, process, architectural,
and even organizational. The key is that by analyzing and
measuring your code regularly you have the visibility and
facts needed to isolate root cause.
Bad things happen to good code.
Even great code will start to smell bad over time as fixes and
enhancements are introduced into the code base. However,
there are simple precautions you can take to detect potential
vulnerabilities early.
Gain Visibility & Monitor Regularly
WAKE UP AND SMELL YOUR CODE!
Mission-critical applications come with risks that have
significant business consequences. The conditions that
produce these risks grow steadily worse as applications
become larger and more complex and as market pressure
to be more agile increases. These are the
perfect conditions for headline-making disasters
that end careers.
You must find ways to control the internal quality of your
systems. Identifying code smells through automated code
quality analysis is a scalable and effective method to
monitor critical systems evolution, improve maintainability,
and reduce the likelihood of production outages.
Identify & Prevent Risk
START SMELLING LIKE A ROSE
Get visibility – Chances are you have no idea what your
code smells like. Have your teams perform code quality
analysis to establish a baseline of internal structural
quality.
Monitor – Insist that product teams regularly measure
and report on the internal quality of mission critical
systems. Require clear plans to mitigate these
vulnerabilities.
Communicate – Use this information as the foundation of
a continuing dialogue with your team to close process
gaps and develop needed skill sets.
Ask CAST for help – We’ve been helping clients prevent
bad code from impacting good businesses for over 15
years.
Try CAST HIGHLIGHT!
www.casthighlight.com/demo
Rapid Application Portfolio Analysis