Excuse Me But...Your Code Smells.


For over 20 years, software engineers have used code smells to detect problems in their source code. Why? Because smells are early warnings!

Research indicates that code smells correlate to maintainability and production issues, which means detecting code smells prior to releasing code into production helps improve system maintainability and reliability. Therefore, automatic detection of code smells is a valuable early warning system that can benefit virtually every development organization.

Published in: Technology

  1. EXCUSE ME BUT…YOUR CODE SMELLS
  2. DON’T TAKE IT PERSONALLY

     Unlike touch and taste, the sense of smell can detect odors from a distance. This certainly comes in handy to prevent us from eating something poisonous, or giving advance warning of danger in our environment. So what does this have to do with code?

     For over 20 years, software engineers have used code smells to detect problems in their source code. Why? Because smells are early warnings! A code smell is any symptom in the source code of an application or system that indicates a deeper problem, such as weaknesses in design or system vulnerabilities that may increase the risk of future failures.

     A human nose can detect over 10,000 different smells!
  3. WHAT’S IN A CODE SMELL?

     A code smell hints that something is wrong in the source code that runs your system. Good software engineers employ automated code smelling tools such as code quality analysis to detect, identify, and track down these potential weaknesses in their code.

     Functional testing is not enough. Functional testing only evaluates a system's compliance with its specified requirements, while automated tools examine the actual code to highlight weaknesses and identify high-value targets for refactoring. According to Capers Jones, “A synergistic combination of formal inspections, static analysis, and formal testing can achieve combined defect removal efficiency levels of 99%.”

     Kent Beck coined the term Code Smell - Refactoring: Improving the Design of Existing Code
  4. OH MY….WHAT’S THAT SMELL?

     Like the seven primary smells that your nose can identify, code smells can be classified to help you understand the type of issues that may be present in source code. Research indicates that code smells correlate to maintainability and production issues, which means detecting code smells prior to releasing code into production helps improve system maintainability and reliability. Therefore, automatic detection of code smells is a valuable early warning system that can benefit virtually every development organization.

     7 Types of Smells
     • Camphoric (Mothballs)
     • Musky (Perfume)
     • Roses (Floral)
     • Pepperminty
     • Ethereal (Dry Cleaning Fluid)
     • Pungent (Vinegar)
     • Putrid (Rotten Eggs)

     7 Examples of Code Smells
     • Duplicated code
     • Long methods
     • Large class
     • Too many parameters
     • Inappropriate intimacy
     • Contrived complexity
     • Excessively long identifiers
  5. HOW TO SMELL YOUR CODE

     Code smells can be detected by a static code quality agent that can read source code. The agent builds a representation of the code, then checks it against a set of patterns.

     The agent looks at the occurrences of bad code patterns. The presence of one instance of a pattern doesn’t mean the code smells; however, many occurrences may trigger a threshold that indicates the code is starting to smell.

     The agent aggregates the results of the pattern detection and generates code quality metrics (i.e., number of lines of code, comment density, code complexity). These metrics and indicators are used to determine how much and what type of risky behaviors have been detected in the code.

     [Figure: ratings of Poor, Good and Excellent across Size, Complexity, Best Practices, Stability and Maintainability]
  6. THE IMPORTANCE OF SMELL

     The annual impact of bad software is estimated to be $59 billion and over 90% of the vulnerabilities that cause these defects are in source code. Analyzing critical systems to detect code smells prior to release provides benefits well beyond simple functional testing. Automated code smell detection is a fast, reliable risk reduction tool that should be applied to all critical systems to ensure early identification of potential issues and prevent costly system outages and repair efforts.

     Early Warning Indicators: Recent high-profile IT failures that may have benefitted from code-smelling.
  7. MY CODE STINKS…NOW WHAT?

     Transparency into the state of critical systems is difficult, yet crucial to any organization. Once you’ve scanned your critical systems, the next step is to determine root cause. Code can go bad at many levels – programmer, process, architectural, and even organizational. The key is that by analyzing and measuring your code regularly you have the visibility and facts needed to isolate root cause.

     Bad things happen to good code. Even great code will start to smell bad over time as fixes and enhancements are introduced into the code base. However, there are simple precautions you can take to detect potential vulnerabilities early.

     Gain Visibility & Monitor Regularly
  8. WAKE UP AND SMELL YOUR CODE!

     Mission critical applications come with risks that have significant business consequences. The conditions that produce these risks grow steadily worse as applications become larger and more complex and as market demand to be more agile in order to compete increases. These are perfect conditions for headline-making disasters that end careers.

     You must find ways to control the internal quality of your systems. Identifying code smells through automated code quality analysis is a scalable and effective method to monitor the evolution of critical systems, improve maintainability, and reduce the likelihood of production outages.

     Identify & Prevent Risk
  9. START SMELLING LIKE A ROSE

     • Get visibility – Chances are you have no idea what your code smells like. Have your teams perform code quality analysis to establish a baseline of internal structural quality.
     • Monitor – Insist that product teams regularly measure and report on the internal quality of mission critical systems. Require clear plans to mitigate these vulnerabilities.
     • Communicate – Use this information as the foundation of a continuing dialogue with your team to close process gaps and develop needed skill sets.
     • Ask CAST for help – We’ve been helping clients prevent bad code from impacting good businesses for over 15 years.

     Try CAST HIGHLIGHT! www.casthighlight.com/demo
     Rapid Application Portfolio Analysis
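
The detection flow described on slide 5 (build a representation, match patterns, apply an occurrence threshold, aggregate metrics), as an added Python example that is not part of the original deck or of any CAST tool. The `analyze` function, the threshold values and the sample source are assumptions constructed for illustration; the two patterns come from the smell list on slide 4.

```python
import ast
import io
import tokenize

# Assumed thresholds for illustration (not from the slides); MAX_FUNC_LINES is
# deliberately low so the constructed sample stays short.
MAX_PARAMS = 5
MAX_FUNC_LINES = 5
SMELL_THRESHOLD = 2  # one hit is not a smell; repeated hits are
BRANCHES = (ast.If, ast.For, ast.While, ast.ExceptHandler, ast.BoolOp, ast.IfExp)

# Constructed sample input.
SAMPLE = '''\
# billing helpers
def create_user(name, email, phone, street, city, zip_code, country):
    return name

def send_invoice(customer, amount, currency, due, tax, discount):
    # apply discount before tax
    if discount and amount > 0:
        amount -= discount
    for _ in range(3):
        pass
    return amount
'''

def analyze(source):
    tree = ast.parse(source)  # step 1: build a representation of the code
    hits = {"too_many_parameters": [], "long_method": []}
    complexity = 1  # decision points + 1, a simplified cyclomatic count
    for node in ast.walk(tree):  # step 2: check nodes against the patterns
        if isinstance(node, BRANCHES):
            complexity += 1
        elif isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            args = node.args
            if len(args.posonlyargs) + len(args.args) + len(args.kwonlyargs) > MAX_PARAMS:
                hits["too_many_parameters"].append(node.name)
            if node.end_lineno - node.lineno + 1 > MAX_FUNC_LINES:
                hits["long_method"].append(node.name)
    # step 3: aggregate metrics (non-blank lines, comment density, complexity)
    loc = sum(1 for line in source.splitlines() if line.strip())
    tokens = tokenize.generate_tokens(io.StringIO(source).readline)
    comments = sum(1 for tok in tokens if tok.type == tokenize.COMMENT)
    metrics = {"loc": loc, "complexity": complexity,
               "comment_density": round(comments / loc, 2) if loc else 0.0}
    # step 4: a pattern becomes a smell only at or above the threshold
    smells = sorted(name for name, found in hits.items() if len(found) >= SMELL_THRESHOLD)
    return {"hits": hits, "metrics": metrics, "smells": smells}
```

On the sample, the single long method is recorded as a hit but stays below the threshold, while the two over-parameterized functions together are reported as a smell.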
