Change Risk Anti-Patterns & Code Complexity

cyclomatic_complexityThe change risk anti-patterns metric is a measure of the “risk” associated with your code. Understanding change risk anti-patterns and the the correlation between code complexity and code coverage is crucial for development teams who want to maintain the overall health and quality of their code base.

Code, Complexity & Risk

When we refer to “complex” code within the .NET development environment, we are referring to the number of branch points, or decisions, that occur within a method or a function.  The greater the number of branch points, the greater the complexity of the code.  As the complexity of the code increases, so does the “risk” of the code in terms of unintended consequences when exercising the code and unintentionally introducing bugs or defects when making changes to the code.

Although thoroughly testing code and maintaining high levels of code coverage is one method for mitigating the risk of code, the underlying complexity of that code continues to contribute to its overall risk.  This correlation between complexity and code coverage can be quantified and managed by using the change risk anti-patterns score.

The Change Risk Anti-Patterns (CRAP) Score

change_risk_anti_patternsChange risk anti-patterns score was originally developed by Alberto Savoia and Bob Evans in 2007 and weighs the amount of uncovered code against the complexity of that code.  Code that is more complex and has not been well tested will have a higher change risk anti-patterns score.  This is based on the methodology that the more complex code is the more likely it is to have errors, hence the need for greater code coverage.

To better understand, let’s assume a scenario where you wanted to keep your change risk anti-patterns score below 30.  To maintain this level with a code set that has a cyclomatic complexity of 10, you would need to achieve a code coverage (as defined by branch coverage) ratio of approximately 42%.  If however, the complexity of your code was greater and you had a cyclomatic complexity of 20, you would need almost 72% code coverage if you wanted to maintain the same risk level.

Complexity increases risk.  Testing decreases risk.  The change risk anti-patterns score give you a metric to measure the correlation between the two.

NCover’s Code Complexity & Risk Metrics

In order to provide you with a better understanding of the risk of your code, NCover provides you with several additional metrics for managing your .NET application.

change_risk_anti_patterns_thresholdsCyclomatic Complexity

Cyclomatic complexity was originally developed by Thomas J. McCabe, Sr. in 1976 and is a quantitative measure of logical strength of a program. A method’s complexity is measured by the number of linearly independent paths from the start of the method to an exit point. In general, the more complex a method is, the harder it is to understand, and the more likely it is to contain bugs or implementation errors.  Within the NCover interface, the cyclomatic complexity for any particular method can be found by drilling down the the method level.

Maximum (Max.) Complexity

Max. complexity refers to the highest single cyclomatic complexity score within a particular code set.  Within the NCover  interface, this number is for all of the underlying code for a particular module, namespace, type or class until you drill down to the method.

% Satisfactory (Sat.) Complexity

Within the setting for any given project, you can define your own acceptable cyclomatic complexity level. % sat. complexity is a measure of what percentage of your methods are within your defined “acceptable” level.

Max CRAP Score

Max CRAP score defines the highest change risk anti-patterns score associated to any method within a selected code set. Max CRAP score helps you identify at a glance the most complicated, and risky, parts of the code.

CRAPpy Methods

CRAPpy methods provides you a count of the total number of methods within a selected code set that have a change risk anti-patterns score above the user-defined acceptable level.  Within the NCover interface, you can select Settings for a given project to set your threshold level.


  1. […] Change Risk Anti-Patterns & Code Complexity (Kerry Meade) […]