Introducing, cyclomatic complexity issues

anto-christo · September 22, 2023, 9:37am

Cyclomatic complexity is a crucial metric for assessing the complexity of your code. It measures the number of different paths through a function, and in essence, it tells you how complicated and tangled your code might be. A high cyclomatic complexity often indicates code that is hard to understand, challenging to maintain, and prone to bugs.

Today, we are excited to announce the capability to identify functions with “unacceptable” values of cyclomatic complexity across all major programming languages supported by DeepSource. Issues are raised on such functions so that you are aware of parts in your codebase that are a maintenance nightmare and can take proactive steps to ensure that they are refactored to more maintainable implementations.

Whenever a function is reported to have an elevated cyclomatic complexity, it is not only associated with a complexity value but is also assigned a risk level. This risk level serves as a handy indicator to guide you in deciding which functions in your codebase should be refactored on priority.

Risk Level	Cyclomatic Complexity Range	Recommended Action
low	1 - 5	No action needed.
medium	6 - 15	Review and monitor.
high	16 - 25	Review and refactor. Recommended to add comments if the function absolutely needs to be kept as it is.
very-high	26 - 50	Refactor to reduce the complexity.
critical	> 50	Must refactor this. This can make the code untestable and very difficult to understand.

We acknowledge that the interpretation of cyclomatic complexity can be subjective, and hence these risk levels are also used to specify the threshold above which you would like a function to be flagged as having an “unacceptable” value of cyclomatic complexity.

DeepSource by default has a particular risk level set as the threshold based on the nature of each programming language. However, this threshold can be changed per language analyzer by adding the cyclomatic_complexity_threshold meta option in your .deepsource.toml file.

To learn more about the default thresholds and how to configure them, you can visit the respective analyzer documentation.

zordog · October 21, 2023, 10:58am

Hey @anto-christo, is there a metric definition, on how the cyclomatic complexity gets calculated?
As we know, whenever the control flow of a function splits, the cyclomatic complexity counter gets incremented by one and each function has a minimum complexity of 1. But, this calculation varies slightly by language because keywords and functionalities do. Do you have language specific details, which keywords, control-statements increase the complexity counter?

anto-christo · October 23, 2023, 1:47pm

Hey @zordog, currently such language-specific details are not available as part of our documentation. We are working on updating the docs with these details. I’ll share it here once it’s available.

Topic		Replies	Views
C# Analyzer: 30+ new static analysis checks New in DeepSource csharp , static-analysis	0	933	October 26, 2022
55 new issues added in the Go analyzer New in DeepSource	0	872	May 4, 2020
Ruby analyzer updates - January 2021 New in DeepSource analyzers , autofix , ruby	0	676	February 18, 2021
Go Analyzer Updates - March 2021 New in DeepSource go , analyzers , autofix	0	650	April 6, 2021
Tell me more about the magic Help Wanted	1	640	August 11, 2020

Introducing, cyclomatic complexity issues

Related Topics