NDepend

Improve your .NET code quality with NDepend

Your Guide to Winning Arguments About Code

The whole “tabs versus spaces” thing occupies sort of an iconic position in the programmer world. It represents the impossibility of winning arguments that are unwinnable by their very nature. These are so-called religious wars — our techie version of The Butter Battle Book but without the Cold War overtones.

But this and arguments like it rarely actually play out in team rooms and offices. At least, that’s always been my experience. I’ve only ever witnessed live “tabs versus spaces” arguments happen ironically.

Actual Arguments in the Programmer World

So here’s how it really goes down.

You take a job with a company, excited about the new office, the shorter commute, and the bump in pay. You’re riding high. But then the onboarding starts with the codebase.

Greg, the most senior member of the group, walks you through the codebase with a slightly smug affect of obvious pride. The codebase has everything you could ever want, according to Greg. To your mounting horror, this includes

Inheritance hierarchies that are inscrutable, dark, and deep (with miles to go before you sleep).
A generous portion of global state.
Liberal use of reflection, often for no discernible reason.
And, of course, an extensive, homegrown “framework.”

Greg finishes with a flourish: “So, anytime you need to add a new feature, you just open GodClass.cs, scroll down to line 12,423, add another method, and get started!”

You’re new, and you’re not entirely sure that this isn’t an elaborate prank, so you swallow and say, “Oh…great!” while already planning the lengthy suggestions document that you’re going to put together. And so the stage is set for what will become a never-ending string of arguments of variable politeness about the codebase.

Swap my hypothetical specifics for yours, but the formula is the same. Someone is asking you to exist in a codebase that you have philosophical reservations about, which will force you to write code you don’t like.

Winning Arguments: How Does One Define This?

I’ve now set the stage, but what does it actually mean to “win” an argument? This is pretty hard to define in a lot of contexts, such as people arguing on Facebook about politics or fighting at dinner. Is it the one who got the last word in? The one who was louder? The one who didn’t simply give up?

Luckily, in your quest to de-Greg your new company’s codebase, “winning” is easier to define (if admittedly something of a loaded term). You win if, by mutual consent, however grudging, the thing you think should happen winds up immortalized in the team’s source control. And the mutual consent part matters. Just slamming something into source control and being forced to revert later by an angry Greg doesn’t count.

You win when your argument carries the day and results in concrete action. So let’s look at some techniques for making that more likely.

Continue reading Your Guide to Winning Arguments About Code

Functional Programming Makes Your Code Not OO…And That’s It

Over the course of the fall and winter, I’ve been gaining momentum with code research posts. Today, I bring that momentum to bear on the subject of functional programming. Or at least, on functional style of programming in C# codebases.

But before I do that, let me provide a little background in case you haven’t caught the previous posts in the series. It started with me doing automated static analysis on 100 codebases to see how singletons impact those codebases. Next up, I used that data to look at how unit tests affect codebases. That post generated a lot of buzz, so I enlisted a partner to help with statistical analysis and then boosted the codebase sample size up to 500.

At the end of that last post, I suggested some future topics of study. Well, now I’ve picked one: functional programming.

What Is Functional Programming?

The idea with this post is mostly to report on findings, but I’d be remiss if I didn’t provide at least some background so that anyone reading has some context. So first, let’s cover the topic of functional programming briefly.

Functional programming is one of the major programming paradigms. Specifically, its calling card is that it disallows side effects. In other words, it models the rules of math, in which the result of the function (or method) is purely a deterministic function of its inputs.

So, in pseudo-code, it looks like this:

public int Add(int x, int y)
{
  return x + y;
}

public int Add(int x, int y)

{

return x + y;

}

This is a functional method. But if you do something like this

public int Add(int x, int y)
{
  return GlobalVariable + x + y;
}

public int Add(int x, int y)

{

return GlobalVariable + x + y;

}

or like this

public int Add(int x, int y)
{
  _databasePlopper.plopResultInDatabase(x + y); 
  return x + y;
}

public int Add(int x, int y)

{

_databasePlopper.plopResultInDatabase(x + y);

return x + y;

}

then you’re out of the functional realm because you’re adding side effects. These two modified versions of Add() each concern themselves with the world beyond processing the inputs to add. (As an aside, you could “fix” this by passing the global variable or the _databasePlopper dependency to the method as a parameter.)

Now, take note of something because this matters to the rest of the post. While C# (or any other object-oriented language) is not a functional language, per se, you can write functional methods in C#.

Continue reading Functional Programming Makes Your Code Not OO…And That’s It

Unit Tests Correlate With Desirable Codebase Properties

Today, I give you the third post in a series about how unit tests affect codebases.

The first one wound up getting a lot of attention, which was fun. In it, I presented some analysis I’d done of about 100 codebases. I had formed hypotheses about how I thought unit tests would affect codebases, and then I tested those hypotheses.

In the second post, I incorporated a lot of the feedback that I had requested in the first post. Specifically, I partnered with someone to do more rigorous statistical analysis on the raw data that I’d found. The result was much more clarity about not only the correlations among code properties but also how much confidence we could have in those relationships. Some had strong relationships while others were likely spurious.

In this post, though, I’m incorporating the single biggest piece of feedback. I’m analyzing more codebases.

Analysis of 500 (ish) C# Codebases

Performing static analysis on and recording information about 500 codebases isn’t especially easy. To facilitate this, I’ve done significant work automating ingestion of codebases:

Enabling autonomous batch operation
Logging which codebases fail and why
Building in redundancy against accidentally analyzing the same codebase twice.
Executing not just builds but also NuGet package restores and other build steps.

That’s been a big help, but there’s still the matter of finding these codebases. To do that, I mined a handful of “awesome codebase” lists, like this one. I pointed the analysis tool at something like 750 codebases, and it naturally filters out any that don’t compile or otherwise have trouble in the automated process.

This left me with 503 valid codebases. That number came down to 495 once adjusted for codebases that, for whatever reason, didn’t have any (non-third party) methods or types or that were otherwise somehow trivial.

So the results here are the results of using NDepend for static analysis on 495 C# codebases.

Continue reading Unit Tests Correlate With Desirable Codebase Properties

Following the Software Architecture Career Path

I can recall a certain day in my career with remarkable clarity.

I say remarkable because this happened well over a decade ago, when I was a relatively fresh-faced software engineer. My manager had called me in for a chat — quarterly review or some such. He said something that stopped me in my tracks.

“Do you want to follow the technical track or the management track in your career?”

Yikes!

I remember panicking. On an otherwise unremarkable morning, I had unexpectedly come to a crossroads in my career. Did I want the organizational clout and higher paychecks of management? Or would I stick with the technical stuff that I so loved?

Of course, this turned out to be a comical overreaction on my part. My answer didn’t, in any way, bind me for life. And the whole thing was something of a false dichotomy anyway.

But it did get me thinking about what I would later regard as the software architecture career path.

And the software architecture career path is what we’ll talk about in this post. This is an interesting and surprisingly complex topic, simply because you have so many flavors of software architect. Let’s take a look at those flavors and their implications for your career.

Looking for an edge in the competitive quest to become a software architect?

Download the NDepend trial for free to get feedback on the quality of your code and to help you visualize your codebase.

The Software Architecture Career Path

I certainly wasn’t alone in my confusion over what becomes of programmers as they advance in their careers. Some continue programming indefinitely, while others, eagerly or reluctantly, become managers and climb the corporate ladder.

But the software architecture career path splits the difference in a confusing variety of ways.

I challenge you to find a job title with as much variance as “software architect.” The title itself has many different flavors:

Software architect
Application architect
Technical architect
Solutions architect
Enterprise architect

You get the idea.

But beyond the title variance, you also see wide diversity in responsibilities.

Some architects are literally just programmers with developmental job titles.
Others are highly technical, mentoring developers and approving of solutions.
Still others are more like project managers or business analysts. It really varies.

And in this variance lies opportunity. You can take the opportunity to find a role that suits you well in terms of responsibilities while also advancing your career.

For the rest of this post, I’m going to talk about how to take advantage of this opportunity. What skills do you need, and how do you find success?

Bear in mind, I’m also going to describe the different flavors of architects in somewhat broad strokes. The industry doesn’t have a great consensus on what each of these roles really means, so I’m basing this on my own experience.

Whatever you call the different flavors of architect is less important than what they do in their roles and whether the role might suit you.

Continue reading Following the Software Architecture Career Path

The Unit Test Effect Study, Refined

About a month ago, I wrote a post about how unit tests affect (and apparently don’t affect) codebases. That post turned out to be quite popular, which is exciting. You folks gave a lot of great feedback about where we might next take the study. I’ve incorporated some of that feedback and have a followup on the unit test effect on codebases.

Summarized briefly, here are the high points of this second installment and refinement of the study:

Eliminating the “buckets” from the last time.
Introducing more statistical rigor.
Qualifying and refining conclusions from last time.

Also, for the purposes of this post, please keep in mind that non-incorporation of feedback is not a rejection of that feedback. I plan to continue refinement but also to keep posting about progress.

Addressing Some of the Easier Questions and Requests

Before getting started, I’ll answer a few of the quicker-to-answer items that arose out of the comments.

Did your analysis count unit test methods when assessing cyclomatic complexity, etc.?

Yes. It might be interesting to discount unit test methods and re-run analysis, and I may do that at some point.

Can you show the code you’re using? Which codebases did you use?

The scraping/analysis tooling I’ve built using the NDepend API is something that I use in my consulting practice and is in a private repo. As for the list of specific codebases, I’m thinking I’ll publish that following the larger sample size study. In the most general terms, I’m going through pages like this that list (mostly) C# repos and using their links.

What about different/better categorization of unit test quality (test coverage, bolted on later vs. written throughout vs. demonstrably test driven)?

This is definitely something I want to address, but the main barrier here is how non-trivial this is to assess from a data-gathering perspective. So I will do this, but it will also take time.

Think of even just the anecdotally “easy” problem of determining TDD vs. non-TDD. I approximated this by positing that test-driving will create a certain ratio of test methods to production methods since any production method will be preceded by a test method (notwithstanding future extract method refactorings). We could, perhaps, do better by auditing source control history and looking for a certain commit cadence (modification to equal numbers of test/production classes, for instance). But that’s hard, and it doesn’t account for situations with large batch commits, for instance.

The upshot is that it’s going to take some doing, but I think we collectively can figure it out.

Continue reading The Unit Test Effect Study, Refined

Lack of Cohesion of Methods: What Is This And Why Should You Care?

Lack of cohesion of methods (sometimes abbreviated LCOM) is one of those things that occurs fairly high up on the software hierarchy of needs. What’s the “software hierarchy of needs?” It’s a thing that I just made up, shamelessly copying Maslow’s Hierarchy of Needs. (Though in a quick search to see how effectively I’ve planted this flag, I see that Scott Hanselman had the idea before me. But mine looks a little different than his because I’m talking about the software, rather than the humans writing it.)

Anyway, here’s the hierarchy.

The cost of change stays relatively flat because the software is highly maintainable.
You can change it over time in response to evolving requirements and market realities.
It performs and behaves acceptably in production.
Technically, it fulfills the functional requirements and user value proposition.
It simply exists in production.

When it comes to something like lack of cohesion of methods, you’re talking about the top two categories. Early in your career, you’ll tend to have worries like just wheezing past the finish line with a feature and like getting your code to do what you want it to. With practice and time, you then start worrying about non-functional concerns and maintainability. And when you start worrying about that, you should start paying attention to lack of cohesion of methods (among other things).

So for the rest of this post, I’ll focus on this one idea: lack of cohesion of methods. What is it, how do you measure it, and why should you care?

Continue reading Lack of Cohesion of Methods: What Is This And Why Should You Care?

A Guide to Code Coverage Tools for C#

I promise that I’ll get to a treatment of code coverage tools in short order. In this post, I’ll go through 6 different options and list their features to help you make a decision.

But first, I want to offer a quick disclaimer and warning.

If you’re here because you’re looking for a way to let management track the team’s code coverage progress, please stop and reconsider your actions.

I’ve written in the past about how code coverage should not be a management concern, and that holds as true now as ever. Code coverage is a tool that developers should use — not something that should be done to them. Full stop.

With that out of the way, let’s get back to helping developers pick a tool to keep an eye on code coverage.

Interested in seeing a heat map of your codebase’s code coverage?

Download the NDepend trial for free and see what it looks like.

What Is Code Coverage and Why Do It?

Okay, with that out of the way, let’s talk extremely briefly about what code coverage is.

And take note that this is going to be a very simple explanation, glossing over the fact that there are actually (slightly) different ways to measure coverage. But the short form is this. Code coverage measurements tell you which lines of code your test suite executes and which lines it doesn’t.

Let’s look at the simplest imaginable example. Here’s a pretty dubious implementation of division:

public int Divide(int x, int y)
{
    if(y != 0)
        return x / y;

    return 0;
}

public int Divide(int x, int y)

{

if(y != 0)

return x / y;

return 0;

}

Let’s say this was the only method in our codebase. Let’s also say that we wrote a single unit test, from which we invoked Divide(2, 1) and asserted that we should get back 2.

We would then have 67% code coverage. Why?

Well, this test would cause the runtime to test the conditional and then to execute the return x/y statement, thus executing two-thirds of the method. Absent any other tests, no automated test ever executes that last line.

So in the grossest of terms, that’s the “what.” As for the “why,” developers can use code coverage analysis to see holes in their testing efforts. For instance, code coverage analysis would tell us here, “Hey, you need to test the case where you pass a 0 to the method for y.”

What Are Code Coverage Tools?

What, then, are code coverage tools?

Well, as you can imagine, computing code coverage the way I just did would get pretty labor intensive.

So developers have done what developers do. They’ve automated code coverage detection.

In just about any language and tech stack imaginable, you have ways to detect how thoroughly the unit test suite covers your codebase. (Don’t confuse code coverage with an assessment of the quality of your tests, though. It’s just a measure of whether or not the tests execute the code.)

The result is an array of tools to choose from that help you see how well your test suite covers your codebase. And that can become somewhat confusing. So today, I’ll take you through some of your options in the .NET ecosystem.

Let’s take a look at those options.

Continue reading A Guide to Code Coverage Tools for C#

Unit testing doesn't affect codebases the way you think.

Unit Testing Doesn’t Affect Codebases the Way You Would Think

I’ve just wrapped up another study. (The last one was about singletons, if you’re interested.) This time, I looked at unit testing and the impact it has on codebases.

It didn’t turn out the way I expected.

I’m willing to bet that it also won’t turn out that you expected these results. It had a profound effect on certain unexpected codebase properties while having minimal effect on some that seem like no-brainers. But I’ll get to the specifics of that shortly.

First, let me explain a bit about expectations and methodology.

Unit Testing: The Expected Effect on Code

Let’s be clear for a moment here. I’m not talking about the expected effect of unit tests on outcomes. You might say, “We believe in unit testing because it reduces defects” or, “We unit test to document our design intentions,” and I didn’t (and probably can’t) measure those things.

When I talk about the effect of unit testing, I’m talking about the effect it has on the codebase itself. Let’s consider a concrete example to make it clear what I mean. You can’t (without a lot of chicanery) unit test private methods, and you can’t easily unit test internal methods. This creates a natural incentive to make more methods public, so we might expect heavily unit-tested codebases to feature more public methods.

This actually turns out to be true.

I’ll talk more about the axes later in the post. But for now, check out the plot and the trend line. More unit testing means a higher percentage of public methods. Score one for that hypothesis!

With a win there, let’s think of some other hypotheses that seem plausible. Methods with more “going on” tend to be harder to test. So you’d expect relatively simple methods in a highly tested codebase. To get specific, here was what I anticipated in heavily tested codebases:

Less cyclomatic complexity per method.
Fewer lines of code per method.
Lower nesting depth.
Fewer method overloads.
Fewer parameters.

I also had some thoughts about the impact on types:

More interfaces (this makes testing easier).
Less inheritance (makes testing harder).
More cohesion.
Fewer lines of code.
Fewer comments.

Continue reading Unit Testing Doesn’t Affect Codebases the Way You Would Think

5 Tips to Help You Visualize Code

Source code doesn’t have any physical weight — at least not until you print it out on paper. But it carries a lot of cognitive weight. It starts off simply enough. But before long, you have files upon files, folders upon folders, and more lines of code than you can ever keep straight. This is where the quest to visualize code comes in.

The solution file and namespaces organization make for a pretty unhelpful visualization aid. But that’s nothing against those tools. It’s just not what they’re for. Nevertheless, if the only way you attempt to visualize code involves staring at hierarchical folders, you’re gonna have a bad time.

How do most people handle this? Well, they turn to whiteboards, formal design documents, architecture diagrams, and the like. This represents a much more powerful visual aid, and it tends to serve as table stakes of meaningful software development.

But it’s a siren song. It’s a trap.

Why? Well, as I’ve discussed previously, those visualization aids just represent someone’s cartoon of what they think the code will look like when complete. You draw up a nice layer-cake architecture, and you wind up with something that looks more like six tumbleweeds glued to a barbed wire fence. Those visual aids are great…for visualizing what everyone wishes your code looked like.

What I want to talk about today are strategies to visualize code — your actual code, as it exists.

Continue reading 5 Tips to Help You Visualize Code

CRAP Metric Is a Thing And It Tells You About Risk in Your Code

I won’t lie. As I thought about writing this post, I took special glee in contemplating the title. How should I talk about the CRAP metric? *Snicker*

I guess that just goes to show you that some people, like me, never truly grow up. Of course, I’m in good company with this, since the original authors of the metric had the same thought. They wanted to put some quantification behind the common, subjective declaration, “This code is crap!”

To understand that quantification, let’s first consider that CRAP is actually an acronym: C.R.A.P. It stands for change risk anti-patterns, so it addresses the risk of changing a bit of code. In other words, methods with high CRAP scores are risky to change. So the CRAP metric is all about assessing risk.

When you get a firm grasp on this metric, you get a nice way to assess risk in your codebase.

The CRAP Metric: Getting Specific

Okay, so how does one quantify risk of change? After all, there are a lot of ways that one could do this. Well, let’s take a look at the formula first. The CRAP score is a function of methods, so we’ll call it CRAP(m), mathematically speaking. (And yes, typing CRAP(m) made me snicker all over again.)

Let CC(m) = cyclomatic complexity of a method and U(m) = the percentage of a method not covered by unit tests.

CRAP(m) = CC(m)^2 * U(m)^3 + CC(m).

Alright, let’s unpack this a bit. To arrive at a CRAP score, we need a method’s cyclomatic complexity and its code coverage (or really lack thereof). With those figures, we multiply the square of a method’s complexity by the cube of its rate of uncovered code. We then add its cyclomatic complexity to that. I’ll discuss the why of that a little later, but first let’s look at some examples.

First, consider the simplest, least CRAP-y method imaginable: a method completely covered by tests and with no control flow logic. That method has a cyclomatic complexity of 1 and uncovered percentage of 0. That means that CRAP(m) = 1^2 * 0^3 + 1 = 1. So the minimum CRAP metric score is 1. What about a gnarly method with no test coverage and cyclomatic complexity of 6? CRAP(m) = 6^2 * 1^3 + 1 = 37.

The authors of this metric define a CRAP-y method as one with a CRAP score greater than 30, so that last method would qualify.

Continue reading CRAP Metric Is a Thing And It Tells You About Risk in Your Code